Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

yowwinnerprize Virus


  • This topic is locked This topic is locked
9 replies to this topic

#1 sam_34132

sam_34132

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 17 July 2018 - 03:13 AM

Hi everyone,

My computer is runnign slow and every now and then it shuts down. Last week, when I go online I get directed to a site yowwinnerprize and it asks me to claim my prize. I have McAfee installed and running and I downloaded and ran Malwarebytes but that did not help. 

 

Can you please help me?

 

Thanks,

Fadi



BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:21 PM

Posted 17 July 2018 - 03:26 AM

Hello sam_34132 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please complete these tasks in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Run Malwarebytes Anti-Malware

Please download and run the installer for Malwarebytes 3.0.

  • follow the prompts to install the program, (Malwarebytes 3.0 will automatically upgrade Malwarebytes Anti-Malware 2.x to Malwarebytes 3.0)
  • at the end, be sure a checkmark is placed next to the following
    • Launch Malwarebytes Anti-Malware
    • a 14 day trial of the Premium features is pre-selected: deselect this if you don’t want it, (it won’t diminish the scanning and removal capabilities of the program).
  • click Finish.
  • on the Dashboard, click Update Now
  • after the update completes, click the Scan Now' button.
  • if an update is available, clicking the Update Now button will update it
  • a Threat Scan will begin.
  • when the scan is complete, if malware has been detected, click Apply Actions to allow MBAM to clean what was found
  • when the prompt to restart the computer appears, click Yes.
  • after the restart once you are back at your desktop, open MBAM once more
  • click on the ‘History’ tab, the ‘Application Logs’
  • double-click on the scan log which shows the date and time of the scan just performed.
  • click Copy to Clipboard
  • please paste the contents of the clipboard into your reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with the next post:

AdwCleaner log
Mbam.txt
Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 sam_34132

sam_34132
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 17 July 2018 - 04:54 AM

Hi Satchfan,

Thank you for the very quick response. I truly appreciate it. Please note that JRT got downloaded when I clicked on one of the linked above and a scan ran. I also included the log file from JRT  as well.

I've pasted the log files for your review.

Thank you!!

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build:    06-26-2018
# Database: 2018-07-16.3
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    07-17-2018
# Duration: 00:00:37
# OS:       Windows 10 Home
# Scanned:  41486
# Detected: 2

***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########

 

 

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.1.0
# -------------------------------
# Build:    06-26-2018
# Database: 2018-07-16.3
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    07-17-2018
# Duration: 00:00:13
# OS:       Windows 10 Home
# Cleaned:  2
# Failed:   0

***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
Deleted       Ask
Deleted       AOL
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.

*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1281 octets] - [17/07/2018 11:50:02]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Fadi (17-07-2018 12:40:27)
Running from C:\Users\Fadi\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-19 21:03:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3647983885-1338035356-1040962617-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3647983885-1338035356-1040962617-503 - Limited - Disabled)
Fadi (S-1-5-21-3647983885-1338035356-1040962617-1001 - Administrator - Enabled) => C:\Users\Fadi
Guest (S-1-5-21-3647983885-1338035356-1040962617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3647983885-1338035356-1040962617-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3647983885-1338035356-1040962617-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco Jabber Guest Add-on (HKLM-x32\...\{608D78B2-704C-4D19-9F46-79BEFA32BB7A}) (Version: 11.0.2.7 - Cisco Systems, Inc.)
Citrix Receiver 4.7 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.7.0.13011 - Citrix Systems, Inc.)
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.2.99 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.2.99 - Nuance Communications, Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
ExpressCache (HKLM\...\{44EAE7F6-8BBF-4C3F-A573-3CD5A3C067FA}) (Version: 1.3.110.0 - Condusiv Technologies)
ExpressVPN (HKLM-x32\...\{49637d60-e11c-4446-8a55-b701c47b5c04}) (Version: 6.4.0.3218 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{7F35E1C0-7401-48C8-AD13-175D88A7C38B}) (Version: 6.4.0.3218 - ExpressVPN) Hidden
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.11.0.73 - NVIDIA Corporation) Hidden
Git version 2.14.1 (HKLM\...\Git_is1) (Version: 2.14.1 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\GitHubDesktop) (Version: 1.0.0 - GitHub, Inc.)
GlassFish Server Open Source Edition 4.1.1 (HKLM\...\nbi-glassfish-mod-4.1.1.0.1) (Version:  - )
Global VPN Client (HKLM\...\{51E63C85-20E3-49E1-B0F2-4E0431A9CCA4}) (Version: 4.9.14 - Dell SonicWALL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 120 series Basic Device Software (HKLM\...\{0E96CEFA-F256-4E54-BB46-34FA4A8847D7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ENVY 120 series Help (HKLM-x32\...\{B45F1BFE-C8D5-4F09-BD54-90CB32BEDE12}) (Version: 28.0.0 - Hewlett Packard)
HP ENVY 120 series Product Improvement Study (HKLM\...\{E0C8943E-2DA5-4F82-A54E-76157E95AA30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.6.18.11 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{C8127F91-0244-4FF0-8014-0C432E15E09D}) (Version: 7.5.0.34 - Apple Inc.)
IIS 10.0 Express (HKLM\...\{A54DCC30-E1EA-4912-A7F9-6C5A3AF1FB3A}) (Version: 10.0.1738 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Integrated Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11100 - Realtek Semiconductor Corp.)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{a3294ccc-6d01-43c2-9249-3f50bd113bb8}) (Version: 1.3.2.1030 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.15 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a9888f41-68ae-43df-bd7d-d93405a44106}) (Version: 17.13.11 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo) Hidden
Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings - MultiMode (HKLM-x32\...\{2DCC613D-E94E-4BA6-9642-77C4CA45DB7B}_is1) (Version: 1.1.0.8 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.37 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.88 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.10 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0032 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R13 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.203 - McAfee, Inc.)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visio Standard 2016 - en-us (HKLM\...\VisioStdRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33288.831 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
MSI Development Tools (HKLM-x32\...\{E45B775D-8842-EC86-ED84-B740D52E6462}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{F944A022-6C4B-4487-86E9-738D2D68650D}) (Version: 3.3.00.116 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{F944A022-6C4B-4487-86E9-738D2D68650D}) (Version: 3.3.00.116 - O2Micro International LTD.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.00 - )
Online Plug-in (HKLM-x32\...\{EACEB844-8CDD-4F3B-9EA2-E299741D1652}) (Version: 14.7.0.13011 - Citrix Systems, Inc.) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Product Improvement Study for HP OfficeJet 4650 series (HKLM\...\{4C6A5272-AB0C-4913-8E66-C7B408C761A4}) (Version: 40.11.1122.1796 - HP Inc.)
Python 3.6.1 (Anaconda3 4.4.0 64-bit) (HKLM\...\Python 3.6.1 (Anaconda3 4.4.0 64-bit)) (Version: 4.4.0 - Continuum Analytics, Inc.)
Python 3.6.2 (64-bit) (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\{f71cfe9a-4a67-48a6-844b-571a76b33d33}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Core Interpreter (64-bit symbols) (HKLM\...\{945357E1-6DEF-4AFF-A850-436BCB4436F6}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (64-bit) (HKLM\...\{DBBB1BBC-A398-4262-9C25-D7A6E9B06841}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (64-bit) (HKLM\...\{7EC331E8-5683-4B2B-A22B-5925DBE5E06E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (64-bit) (HKLM\...\{978543A0-731D-4BEF-9CB6-9835B1DFFB33}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (64-bit symbols) (HKLM\...\{D3CF3208-359F-43D5-934A-C8F0C041441D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (64-bit) (HKLM\...\{90A9D089-DB6E-48DC-9EEC-7F2229B2DFF0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (64-bit) (HKLM\...\{4FF902DF-D960-4A78-9C04-9D8E1CC33149}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (64-bit symbols) (HKLM\...\{28AC6C7B-38C1-4723-9E72-52FD1AD415C7}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (64-bit) (HKLM\...\{1D2E9660-8DD7-4830-AFA6-5EC160F37A4E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (64-bit symbols) (HKLM\...\{9B506A0E-10D4-4B1D-AE7A-CADDDAF73F39}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (64-bit) (HKLM\...\{27B26342-82FB-4CA4-9ADB-D09982631CB0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (64-bit symbols) (HKLM\...\{749C57BE-1822-465B-8332-9CBE341B83DA}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (64-bit) (HKLM\...\{9EE8E58D-3021-40C5-8FBB-BF3A91A0B44D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (64-bit) (HKLM\...\{907B8BA6-C91D-4A8E-8237-828BFAB77C63}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Self-service Plug-in (HKLM-x32\...\{5D678EB8-64FD-4681-AACF-3D18FBCA77A3}) (Version: 4.7.0.15674 - Citrix Systems, Inc.) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.18.9 - NVIDIA Corporation) Hidden
Snagit 13 (HKLM-x32\...\{99cd7d37-46bf-44d7-857e-7514a1bd3e83}) (Version: 13.1.1.7662 - TechSmith Corporation)
Snagit 13 (HKLM-x32\...\{B6369D04-6B02-4C63-85C5-46C09D0787EE}) (Version: 13.1.1 - TechSmith Corporation) Hidden
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{CD08D2FC-15E2-4B11-A824-091CD344612E}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{6F410B16-8B46-43AF-BC73-C43EE190BFA4}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{F210BD01-6020-4406-AAE1-15B4D4C096C8}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.0.30.51 - EnigmaSoft Limited)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.30 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.216.1616.137 - ALPS ELECTRIC CO., LTD.)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.20.1114.2014 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.03.00 - Lenovo) Hidden
TOEFL Official Guide 4.0 (HKLM-x32\...\TOEFL Official Guide) (Version: 4.0 - McGraw-Hill)
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{EF9A8134-DF80-46A8-85AF-7FBD1E848C12}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows Driver Package - Alps (ApfiltrService) Mouse  (11/07/2014 8.216.1616.114) (HKLM\...\41971DA027600AD7B096FE14E6C0E9274B6BFD79) (Version: 11/07/2014 8.216.1616.114 - Alps)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/22/2014 13.5.0.1056) (HKLM\...\5EC6580D569A9D3B15C34964E5BB5BC263F05FE5) (Version: 08/22/2014 13.5.0.1056 - Intel Corporation)
Windows Driver Package - Intel® Corporation (VirtualButtons) System  (10/17/2013 1.0.0.15) (HKLM\...\41EFF33D709064D437FD3001D1E09AB2D8E9AA7C) (Version: 10/17/2013 1.0.0.15 - Intel® Corporation)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{7E351EBA-A063-4DE6-9F95-094883AAF7DA}) (Version: 2.1.10713.0 - Microsoft Corporation) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Workbooks and Inspector (HKLM-x32\...\{4C9771FB-6EB6-4E89-A2BE-BDE8B61C1BEC}) (Version: 1.2.2.9000 - Xamarin) Hidden
Xamarin.Bonjour v1.0.13 (HKLM-x32\...\{32B2DF61-DE93-4AF9-A7A6-79B03299A0AA}) (Version: 1.0.13.0 - Xamarin) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ECE3F0D2EF0F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-12] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-05-23] (Apple Inc.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-17] (TechSmith Corporation)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-17] (TechSmith Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-11-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-21] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-12] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {022ACAA3-03EB-4D83-980D-53A2531F3D99} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-07-08] ()
Task: {05D73701-58DC-49D0-82CB-9E56B84045A8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-22] (McAfee, Inc.)
Task: {09F67968-EDE3-41D1-9D5A-C727F4BE28F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {1325651D-A86B-445B-AB01-0E9D9C3A8ED8} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2017-04-07] (HP Inc.)
Task: {140C6411-EBE6-40EA-9462-9543FB2D5C46} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {16E15D5D-107B-489C-9F7E-3D9BDAB52F10} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {1D88DDE6-36A5-447F-A0DA-4D6048084732} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {21650BD6-35B3-4002-9EBF-381F9C047BA1} - System32\Tasks\Lenovo App Services => C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe [2016-10-06] (Lenovo)
Task: {234CA682-230F-494D-8A88-1B965A0B5B92} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-25] (Realtek Semiconductor)
Task: {248178EF-0CF0-46EE-8193-3DD38DD5F2D0} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {2679436A-EDBF-40AD-A72F-EF2C053EB0CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-12] (Microsoft Corporation)
Task: {2B40AFED-87FC-4E67-AC03-9762CA196CE7} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-25] (Realtek Semiconductor)
Task: {2D447704-5330-413B-B6F9-50294F9EEE12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-21] (HP Inc.)
Task: {3177C8A1-45A0-4B32-9561-1580F2ACDCBE} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2018-02-07] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D9DA7AA-75F3-4BA0-9FCE-B01083BFE95C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {413D6986-E1E3-4E46-90AC-92F9E0190073} - System32\Tasks\HPCustParticipation HP ENVY 120 series => C:\Program Files\HP\HP ENVY 120 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {43A76AB0-D0B9-4CE5-B4ED-F949BB995185} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-03] ()
Task: {457974FA-7AF6-419A-8785-839467316EC4} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {48DD17F8-8222-4256-9EAC-5F6BA9B66F89} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {4F4F7C8C-0AD5-48D6-ACC0-4A968BAC78D3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {53114FC7-B549-4F42-B795-4A238868B420} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-alsabee@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {5486B230-7AAD-4F59-A860-D7ED84FEABA4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-12] (Microsoft Corporation)
Task: {57FF44E7-8587-4431-A315-6CA83715FBEF} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6893D708-29F0-40A3-AB68-661266A18773} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-03] (Lenovo)
Task: {6EBF8FD3-193F-4D41-881E-45BB3E939D4E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-12] (Microsoft Corporation)
Task: {70DA9CA8-F080-44DF-ABC1-6F9929E46955} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {74298A72-507C-4B3B-8841-3F6D3B025DCD} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {7B05B187-214D-463D-BCD3-9B79463AAACC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {7B1859BB-B882-4BD3-867A-D33574170C38} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-03] (Lenovo)
Task: {7EE60412-BA7A-401F-9ABB-11FCF1F593BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {8493E97F-603D-4C72-BEBD-F28DDAEED646} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {8AB313CE-6401-4CDB-AEC5-F0C7DF5D05C8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8FF6713B-E2F8-47B4-991D-A6AE7BE0F8B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {90B6F06E-8459-4336-A6C6-9C4F79FFBDF7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {968D03D0-026E-4466-9F72-20063C193692} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-25] (Realtek Semiconductor)
Task: {9AFBAAAB-3A00-45DF-9759-4208F1C9B532} - \WPD\SqmUpload_S-1-5-21-3647983885-1338035356-1040962617-1001 -> No File <==== ATTENTION
Task: {9DDAD801-1084-4CB2-B78C-4861EFF6C31D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-03] (Lenovo)
Task: {A2EB15E8-8FC0-49F7-962B-CCE85C206361} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {A7B50BAE-E980-4492-BF4C-F70112AED1AB} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
Task: {AD79CFD7-C2E9-4571-B1B8-95160CF10D02} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-19] (Lenovo)
Task: {BC1771FB-7589-4F52-BDEE-C4EB60E95E45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BD353F2D-1960-4D36-B43F-7287730F0DEF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-12] (Microsoft Corporation)
Task: {C4309BCB-8AEB-40C8-87E5-878A98AE8761} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fd2c7f9d-c7c9-413e-9499-da230cd7e80a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {C7DFCA5E-22C1-4828-B3BF-2803CB5D4FD0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {C7E0E24B-2307-4D9C-8FDA-75F47AE712B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CCB4B209-1A94-4B43-AC4D-B5939D8396B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE941238-D364-4F0A-BD3E-488D50631C35} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-06-06] (McAfee, Inc.)
Task: {D050338C-5010-4DA8-8709-6DFE6FFEF6DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {D2D07D4B-C565-4490-A3C4-7EC890D920B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-21] (HP Inc.)
Task: {D9FB5C63-93E8-4919-9860-0A11B73F7A58} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {DD1B598F-B405-4467-B09A-2BD0D95A6431} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7816a0ee-7542-4b3b-a837-ba49e4bdc7f2 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {EC2C9E27-A3BB-43BA-AF4A-15B31542974D} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-12] (Microsoft Corporation)
Task: {EFB8D00E-7978-4F31-BB71-B64EDF6A3F28} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-19] (Lenovo)
Task: {F0D2B158-841A-4293-95BD-3E6C034648EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-12] (Microsoft Corporation)
Task: {F2842DA5-01BD-42C4-B22B-798DF1A18CB5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {F314486B-7C32-47E5-85BE-8FF3FF3C49C5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3572634a-928d-4dde-99e3-b2156a7e78e0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F7776B8A-3006-4002-BE86-8B6BBA30B898} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {F9043BD3-628B-48B4-96BC-94B683B93FDD} - System32\Tasks\HPCeeScheduleForFadi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-23] (Hewlett-Packard)
Task: {FB653861-C653-48D3-8DEB-82D6E9598D9E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()
Task: {FCF704DE-47F0-4CB5-B80D-765C831EB21C} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForFadi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2015-07-12 06:50 - 2015-01-16 17:49 - 000105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-11-22 02:48 - 2017-11-22 02:48 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2015-01-24 02:42 - 2015-01-24 02:42 - 000087552 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-01-24 02:58 - 2015-01-24 02:58 - 001795976 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll
2015-01-24 02:58 - 2015-01-24 02:58 - 000357768 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2017-11-22 02:50 - 2017-11-22 02:50 - 009501312 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-06 14:05 - 2018-04-06 14:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2015-06-27 03:51 - 2015-06-27 03:51 - 001365224 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2017-08-14 13:48 - 2017-08-14 13:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-05-18 01:42 - 2016-05-18 01:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-07-12 11:42 - 2018-07-12 11:42 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-11-25 14:19 - 2017-11-10 10:02 - 000401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-07-11 17:04 - 2018-07-06 09:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 10:45 - 2018-07-17 10:45 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-17 10:45 - 2018-07-17 10:45 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-17 10:45 - 2018-07-17 10:45 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 05:23 - 2017-09-26 05:23 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-17 10:45 - 2018-07-17 10:45 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2016-07-08 01:21 - 2016-07-08 01:21 - 000031104 _____ () C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
2015-07-12 06:51 - 2015-01-10 01:40 - 000469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2015-07-12 06:51 - 2015-01-10 01:40 - 000013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2018-07-11 15:18 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-07-11 15:18 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-06-09 12:49 - 2018-06-09 12:50 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 12:49 - 2018-06-09 12:50 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2017-10-03 21:22 - 2017-10-03 21:23 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-04-25 08:38 - 2018-04-25 08:46 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-31 02:16 - 2018-05-31 02:18 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 18:03 - 2018-04-05 18:06 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-09 12:49 - 2018-06-09 12:50 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 12:49 - 2018-06-09 12:49 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-31 02:16 - 2018-05-31 02:18 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 12:49 - 2018-06-09 12:50 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-20 00:23 - 2018-05-20 00:23 - 004193792 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-05-03 05:28 - 2018-05-03 05:28 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2015-06-25 08:57 - 2015-06-25 08:57 - 000133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2018-05-20 00:23 - 2018-05-20 00:23 - 000038400 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.10671.0_x64__8wekyb3d8bbwe\SourceAppService.dll
2018-05-20 00:23 - 2018-05-20 00:23 - 000205824 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.10671.0_x64__8wekyb3d8bbwe\FFmpegInterop.dll
2018-05-20 00:23 - 2018-05-20 00:23 - 000175616 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.10671.0_x64__8wekyb3d8bbwe\swresample-2.dll
2018-05-20 00:23 - 2018-05-20 00:23 - 000627200 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.10671.0_x64__8wekyb3d8bbwe\avcodec-57.dll
2018-05-20 00:23 - 2018-05-20 00:23 - 000492544 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.10671.0_x64__8wekyb3d8bbwe\avutil-55.dll
2018-05-20 00:23 - 2018-05-20 00:23 - 000304640 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.10671.0_x64__8wekyb3d8bbwe\avformat-57.dll
2018-05-20 00:23 - 2018-05-20 00:23 - 000712192 _____ () C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.10671.0_x64__8wekyb3d8bbwe\swscale-4.dll
2017-11-22 02:50 - 2017-11-22 02:50 - 006427144 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2017-11-22 02:51 - 2017-11-22 02:51 - 000080512 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
2017-11-22 02:51 - 2017-11-22 02:51 - 000447616 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2014-11-10 22:12 - 2014-11-10 22:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-07-12 06:51 - 2015-01-07 19:29 - 002201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-07-12 06:51 - 2015-01-07 19:29 - 002085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [564]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{474B314C-7ED5-4220-8D15-7D150C1D2E4A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5F963BF6-7D11-44ED-81C9-CB9055EA93A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DEAB8B3C-663F-4132-9CB3-5DB973F2250F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{48296157-ED13-4342-B4D3-A43047AB00AB}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{33BA0197-39FF-492F-AE75-A9E96ECF12B0}] => (Allow) LPort=8298
FirewallRules: [{E39E389D-A3EB-4B36-AE8F-81EBDE003D8D}] => (Allow) C:\Program Files\HP\HP ENVY 120 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8CB80195-3196-4DC0-B68D-FEC847651EA0}] => (Allow) C:\Program Files\HP\HP ENVY 120 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{12EE9815-2C66-4EB7-B973-18A528A23141}] => (Allow) C:\Program Files\HP\HP ENVY 120 series\Bin\DeviceSetup.exe
FirewallRules: [{89A13D33-5AD2-4FD6-87AA-27157998B309}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{12D20D42-95F7-48C1-AEA8-2AB4DB6C6985}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{0B46AB0F-AD99-4409-B5B1-B601D4C6490A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A89C836A-F990-49D9-AFCB-2C85F0DE2BE2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F25F4A6A-3EA6-49C7-9F7B-C74304E4DEF2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{5730DCFF-2469-4B34-8EB1-8651D17BB201}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{93CDDBE3-54CF-400D-B329-2E6BD61E94B7}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{DD1CD8F6-50BA-4A4C-8DB5-A2B19E581BB3}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{D104AB86-EF73-4F9F-BDE5-E94D39BAD93A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{152CB6F6-6900-4CC2-9CE8-5E2B6D783352}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A33D872E-0383-4A1B-A0AF-49420B362DC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C283AE28-62EA-4551-B3F8-FFD1962543BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A85A6B5E-A67A-4B93-ABE0-0442E5DF6D08}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1B6B1525-B2A3-4BC2-8C4B-6A9850E4AA24}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{D63500C5-3F7B-4A32-A98F-C865CA3707FB}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{04784F2A-52D7-4065-BB3F-C9E7C7FC6A05}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{3BF6E538-AB56-46A4-A2C9-BF0CA8B91A11}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [{6D51C652-299C-47DE-A7E1-983528F67A1C}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [{3B5FCBF6-B9E5-4A8C-9777-8B0E9FE0805D}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{2F11DA57-4F57-4DB9-B0A2-63AE499DCD45}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{030E86F4-E2B5-4E74-894D-DB5F234C347E}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{1D17B069-A913-44FB-B3E1-DE2F9A3A4A95}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{AE3781A6-A107-45F3-9FAC-A5FA0CF77B9A}] => (Allow) LPort=12292
FirewallRules: [{AA55B5F0-1F37-4CB5-A3BD-D2F54ED5A947}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{B357A986-E281-4856-95A1-5E173110AA95}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{6B6D7485-A654-487D-9379-9F4A98CDBDA6}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{0840CE79-8A75-4D77-8594-172F83622C3F}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{99BB7F1E-166D-426A-A76C-8ACA9B3D3039}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{F5FAA1FE-A01B-4D5F-9CC7-FED05C40EA29}] => (Allow) LPort=5357
FirewallRules: [{A53BB73D-B10A-4E71-AEB0-29C788B6D221}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{076D550F-68DC-4E53-B710-7191C22CCF24}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{15175C2E-EF8B-46C3-9D0A-E77993A2F0C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F4B6020F-4707-4E8D-8662-3A86B973DC9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
16-07-2018 18:45:19 Installed Cisco Jabber Guest Add-on
17-07-2018 11:33:27 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (07/17/2018 11:53:23 AM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
Error: (07/17/2018 11:38:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4766
Error: (07/17/2018 11:38:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4766
Error: (07/17/2018 11:38:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/17/2018 11:38:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3110
Error: (07/17/2018 11:38:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3110
Error: (07/17/2018 11:38:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (07/17/2018 11:38:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1594

System errors:
=============
Error: (07/17/2018 12:13:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 12:03:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 12:00:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 11:58:55 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The HP Touchpoint Analytics service hung on starting.
Error: (07/17/2018 11:54:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (07/17/2018 11:54:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the FontCache3.0.0.0 service to connect.
Error: (07/17/2018 11:53:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 11:52:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel® Technology Access Service service failed to start due to the following error:
The media is write protected.

CodeIntegrity:
===================================
Date: 2018-07-17 12:39:43.121
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 12:39:42.600
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 12:39:34.385
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 12:33:35.329
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 12:25:15.969
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 12:25:11.995
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 12:25:02.805
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 12:25:02.678
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 74%
Total physical RAM: 8106.57 MB
Available physical RAM: 2087.34 MB
Total Virtual: 10410.57 MB
Available Virtual: 3585.76 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:916.49 GB) (Free:731.19 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{dc99c316-8b1c-4259-a646-8cfb90b0e28c}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.7 GB) NTFS
\\?\Volume{7470784b-6518-404c-9c86-32813418dd78}\ (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:5.11 GB) NTFS
\\?\Volume{b2691846-cdea-4f9a-86db-f0f39e3c82cd}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0B175CE1)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 0B175CEA)
Partition: GPT.
==================== End of Addition.txt ============================

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by Fadi (administrator) on LENOVO-PC (17-07-2018 12:35:02)
Running from C:\Users\Fadi\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: Fadi (Available Profiles: Fadi)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\MultiMode\MultiModeService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_5\mcapexe.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 120 series\Bin\ScanToPCActivationApp.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Lenovo) C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Farbar) C:\Users\Fadi\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\FRST64 (1).exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [209664 2015-05-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [335176 2015-10-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [555760 2014-12-09] (Lenovo.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-07] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928 2014-12-11] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-31] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-23] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [533616 2017-02-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [324720 2017-02-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [HP ENVY 120 series (NET)] => C:\Program Files\HP\HP ENVY 120 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-07] (HP Inc.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [DragonAssistant] => C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistant.exe [974304 2015-11-12] (Nuance Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSC_SI_13.lnk [2017-03-18]
ShortcutTarget: TSC_SI_13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 120 series (Network).lnk [2016-03-19]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 120 series (Network).lnk -> C:\Program Files\HP\HP ENVY 120 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{53453fed-9911-4601-b2a6-4f64a745591b}: [DhcpNameServer] 10.30.0.1
Tcpip\..\Interfaces\{7e553e39-60c0-41d4-99c1-ebb245eab241}: [DhcpNameServer] 86.51.34.24 86.51.35.24
Tcpip\..\Interfaces\{9a592090-7ddf-47b3-81af-c73d93ed96d6}: [DhcpNameServer] 172.168.127.2
Tcpip\..\Interfaces\{c8533c10-5731-4bc8-8b47-3c829cd2d633}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001 -> DefaultScope {727BCA2A-54BD-41D4-9947-DC89E3A24837} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-12] (Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-12] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-26] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-26] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-07-07] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-12] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-02-16] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=D211US0G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default [2018-07-16]
CHR Extension: (Slides) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-23]
CHR Extension: (YouTube) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Sheets) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-07-09]
CHR Extension: (Google Docs Offline) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Cisco Jabber Guest) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbglbakaieakcdiaiabbihafndhapfki [2018-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (Gmail) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [102224 2015-10-26] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-30] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4259808 2015-11-12] (Nuance Communications, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-07-12] (EnigmaSoft Limited)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-19] (Condusiv Technologies)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2017-11-22] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2017-11-10] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Lenovo MultiMode Service; C:\Program Files (x86)\Lenovo\MultiMode\MultiModeService.exe [1792968 2015-01-30] (Lenovo Group Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-09] (Lenovo Group Limited)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-21] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [774560 2018-03-28] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-03] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_5\McApExe.exe [728808 2018-06-12] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-04-24] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [519120 2018-04-24] (McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [473552 2018-04-24] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1689952 2018-06-05] (McAfee, Inc.)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [90792 2015-06-04] (BayHubTech/O2Micro International)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-30] (McAfee, Inc.)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-05] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-05] (Lenovo Group Limited)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-25] (Realtek Semiconductor)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-21] (SHAREit Technologies Co.Ltd)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-07-12] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336064 2016-04-27] (Dell SonicWALL, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-04] (Microsoft Corporation) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-15] (TechSmith Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [719080 2015-06-27] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-05-16] (McAfee, LLC)
R1 DNE; C:\WINDOWS\system32\DRIVERS\dnelwf64.sys [327976 2015-10-15] (Citrix Systems, Inc.)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-07-17] (EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [25840 2013-11-19] (Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [117488 2013-11-19] (Condusiv Technologies)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2017-11-22] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-14] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79016 2014-08-05] (Intel Corporation)
R3 LnvHIDHW; C:\WINDOWS\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-07-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-07-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-07-17] (Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [105824 2018-05-02] (McAfee, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-05-16] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [361888 2018-05-16] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-05-16] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [533408 2018-05-16] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [954784 2018-05-16] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [550288 2018-05-03] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108944 2018-05-03] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-05-16] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-05-16] (McAfee, LLC)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_0c302db02059f37d\nvlddmkm.sys [17038280 2018-02-07] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2x64.sys [209936 2015-06-04] (BayHubTech/O2Micro )
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [43216 2018-03-28] (Lenovo.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3054848 2015-05-19] (Realtek Semiconductor Corp.)
R2 SWIPsec; C:\WINDOWS\system32\Drivers\SWIPsec.sys [110024 2016-04-27] (Dell SonicWALL, Inc.)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2017-11-22] (The OpenVPN Project)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-04-01] (Intel Corporation)
R3 WacHidRouter; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [97512 2015-06-27] (Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-07-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-12] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-17 12:35 - 2018-07-17 12:35 - 000000000 _____ C:\WINDOWS\erdntwin.loc
2018-07-17 12:35 - 2018-07-17 12:35 - 000000000 _____ C:\WINDOWS\erdntdos.loc
2018-07-17 12:35 - 2018-07-17 12:35 - 000000000 _____ C:\WINDOWS\erdnt.e_e
2018-07-17 12:34 - 2018-07-17 12:35 - 000000000 ____D C:\FRST
2018-07-17 12:31 - 2018-07-17 12:31 - 000000000 ___SH C:\DkHyperbootSync
2018-07-17 12:13 - 2018-07-17 12:14 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-17 12:13 - 2018-07-17 12:13 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-17 12:13 - 2018-07-17 12:13 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-17 12:13 - 2018-07-17 12:13 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-17 12:13 - 2018-07-17 12:13 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-17 12:13 - 2018-07-17 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-17 11:54 - 2018-07-17 11:54 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2018-07-17 11:48 - 2018-07-17 11:50 - 000000000 ____D C:\AdwCleaner
2018-07-17 11:44 - 2018-07-17 11:44 - 000000818 _____ C:\Users\Fadi\Desktop\JRT.txt
2018-07-17 11:03 - 2018-07-17 11:49 - 000000153 _____ C:\Users\Fadi\Desktop\bleepingcomputer.txt
2018-07-17 09:38 - 2018-07-17 09:38 - 000000000 ____D C:\Users\Fadi\Desktop\iTunes Crash Logs
2018-07-16 22:09 - 2018-07-17 07:25 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-07-16 18:47 - 2018-07-16 18:47 - 000000000 ____D C:\Users\Fadi\AppData\LocalLow\Cisco
2018-07-16 18:46 - 2018-07-16 18:46 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Cisco Systems, Inc
2018-07-16 18:44 - 2018-07-16 18:45 - 010641408 _____ C:\Users\Fadi\Downloads\JabberGuest-add-on_for_Windows-Version_11.0.2.7.msi
2018-07-16 18:21 - 2017-11-10 10:02 - 039861304 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 038903896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 034824472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 029101568 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 019861504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 015477976 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 013650432 _____ (Intel Corporation) C:\WINDOWS\system32\ig8icd64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 013483192 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 013062776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 010329088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig8icd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 005683712 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 005262848 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 005137808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004931072 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004368896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004268528 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004240208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 003972096 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 002393160 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001858632 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001816712 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001814056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001590784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001178624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001023976 _____ C:\WINDOWS\system32\igfxSDK.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000968160 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000964576 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000705024 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000502760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000466912 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000449000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000438784 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000416256 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000389632 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000388608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000318464 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000312296 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000297160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000273408 _____ C:\WINDOWS\system32\igfxCPL.cpl
2018-07-16 18:21 - 2017-11-10 10:02 - 000266240 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000254976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000242152 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000236520 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000235008 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4835.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000232416 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000231904 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000225280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000222728 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000205344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000193024 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000183976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000182952 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000181832 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000175584 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000173568 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000160264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000160264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000111616 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000103936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000103424 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000100864 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000099840 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000095232 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000084992 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000052736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000029184 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000029184 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000027648 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000027648 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000022528 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000022528 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000004862 _____ C:\WINDOWS\system32\iglhxs64.vp
2018-07-16 18:20 - 2018-03-28 22:44 - 000832416 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
2018-07-16 18:20 - 2018-03-28 22:44 - 000774560 _____ (Lenovo.) C:\WINDOWS\system32\LPlatSvc.exe
2018-07-16 18:20 - 2018-03-28 22:44 - 000543648 _____ (Lenovo.) C:\WINDOWS\system32\tpinspm.dll
2018-07-16 18:20 - 2018-03-28 22:44 - 000104352 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmctl.exe
2018-07-16 18:20 - 2018-03-28 22:44 - 000043216 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\pmdrvs.sys
2018-07-13 09:13 - 2018-07-13 09:13 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2018-07-13 09:13 - 2018-07-13 09:13 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-13 09:13 - 2018-07-13 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-13 09:09 - 2018-07-17 12:00 - 000006138 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-07-13 08:57 - 2018-07-13 08:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-07-13 08:57 - 2018-05-16 04:30 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-07-13 08:57 - 2018-05-16 04:30 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-07-13 08:56 - 2018-05-16 04:30 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-07-13 08:56 - 2018-05-16 04:29 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-07-12 13:19 - 2018-07-17 11:56 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-07-12 13:19 - 2018-07-12 13:19 - 000001066 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-07-12 13:19 - 2018-07-12 13:19 - 000000000 ____D C:\sh5ldr
2018-07-12 13:19 - 2018-07-12 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-07-12 13:19 - 2018-07-12 13:19 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-07-12 13:17 - 2018-07-12 13:17 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-07-12 12:53 - 2018-07-12 12:53 - 000000000 _____ C:\WINDOWS\Minidump\071218-43062-01.dmp
2018-07-12 11:42 - 2018-07-17 12:37 - 000552178 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-12 11:42 - 2018-07-17 12:37 - 000101389 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-12 11:42 - 2018-07-12 11:42 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-07-12 11:42 - 2018-07-12 11:42 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-07-12 11:42 - 2018-07-12 11:42 - 000001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-07-12 11:42 - 2018-07-12 11:42 - 000000000 ____D C:\Users\Fadi\AppData\Local\Zemana
2018-07-12 11:42 - 2018-07-12 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-07-12 11:42 - 2018-07-12 11:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-12 11:32 - 2018-07-12 11:32 - 002630064 _____ C:\Users\Fadi\Downloads\Adaware_Installer.exe
2018-07-12 11:32 - 2018-07-12 11:32 - 000000000 ____D C:\ProgramData\adaware
2018-07-11 17:05 - 2018-07-06 16:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-11 17:05 - 2018-07-06 16:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-11 17:05 - 2018-07-06 14:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-11 17:05 - 2018-07-06 14:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-11 17:05 - 2018-07-06 10:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-11 17:05 - 2018-07-06 10:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-11 17:05 - 2018-07-06 10:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-11 17:05 - 2018-07-06 10:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-11 17:05 - 2018-07-06 10:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-11 17:05 - 2018-07-06 10:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-11 17:05 - 2018-07-06 10:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-11 17:05 - 2018-07-06 09:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-11 17:05 - 2018-07-06 09:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-11 17:05 - 2018-07-06 09:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-11 17:05 - 2018-06-15 20:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-11 17:05 - 2018-06-15 20:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-11 17:05 - 2018-06-15 18:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-11 17:05 - 2018-06-15 18:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-11 17:05 - 2018-06-15 08:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-11 17:05 - 2018-06-15 08:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-11 17:05 - 2018-06-15 08:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-11 17:05 - 2018-06-15 08:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-11 17:05 - 2018-06-15 08:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-11 17:05 - 2018-06-15 08:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-11 17:05 - 2018-06-15 08:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-11 17:05 - 2018-06-15 08:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-11 17:05 - 2018-06-15 07:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 17:05 - 2018-06-15 07:44 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-07-11 17:05 - 2018-06-15 07:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 17:05 - 2018-06-15 07:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 17:04 - 2018-07-06 17:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 17:04 - 2018-07-06 17:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-11 17:04 - 2018-07-06 17:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-11 17:04 - 2018-07-06 17:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-11 17:04 - 2018-07-06 16:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-11 17:04 - 2018-07-06 16:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-11 17:04 - 2018-07-06 16:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-11 17:04 - 2018-07-06 16:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-11 17:04 - 2018-07-06 16:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-11 17:04 - 2018-07-06 16:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-11 17:04 - 2018-07-06 16:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-11 17:04 - 2018-07-06 16:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-11 17:04 - 2018-07-06 16:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-11 17:04 - 2018-07-06 16:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-11 17:04 - 2018-07-06 16:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-11 17:04 - 2018-07-06 15:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-11 17:04 - 2018-07-06 14:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-11 17:04 - 2018-07-06 14:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-11 17:04 - 2018-07-06 14:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-11 17:04 - 2018-07-06 14:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-11 17:04 - 2018-07-06 14:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-11 17:04 - 2018-07-06 14:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-11 17:04 - 2018-07-06 14:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-11 17:04 - 2018-07-06 14:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-11 17:04 - 2018-07-06 14:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-11 17:04 - 2018-07-06 14:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-11 17:04 - 2018-07-06 10:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-11 17:04 - 2018-07-06 10:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-11 17:04 - 2018-07-06 10:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-11 17:04 - 2018-07-06 10:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-11 17:04 - 2018-07-06 10:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-11 17:04 - 2018-07-06 10:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-11 17:04 - 2018-07-06 10:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-11 17:04 - 2018-07-06 10:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-11 17:04 - 2018-07-06 10:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-11 17:04 - 2018-07-06 10:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-11 17:04 - 2018-07-06 10:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-11 17:04 - 2018-07-06 10:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-11 17:04 - 2018-07-06 10:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-11 17:04 - 2018-07-06 10:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-11 17:04 - 2018-07-06 10:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-11 17:04 - 2018-07-06 10:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-11 17:04 - 2018-07-06 10:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-11 17:04 - 2018-07-06 10:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-11 17:04 - 2018-07-06 10:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-11 17:04 - 2018-07-06 10:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-11 17:04 - 2018-07-06 10:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-11 17:04 - 2018-07-06 10:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-11 17:04 - 2018-07-06 10:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-11 17:04 - 2018-07-06 10:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-11 17:04 - 2018-07-06 10:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-11 17:04 - 2018-07-06 10:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-11 17:04 - 2018-07-06 10:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-11 17:04 - 2018-07-06 10:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-11 17:04 - 2018-07-06 09:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-11 17:04 - 2018-07-06 09:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-11 17:04 - 2018-07-06 09:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-11 17:04 - 2018-07-06 08:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-11 17:04 - 2018-06-29 07:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-11 17:04 - 2018-06-15 20:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-11 17:04 - 2018-06-15 20:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-11 17:04 - 2018-06-15 20:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-11 17:04 - 2018-06-15 20:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-11 17:04 - 2018-06-15 20:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-11 17:04 - 2018-06-15 20:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-11 17:04 - 2018-06-15 20:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-11 17:04 - 2018-06-15 20:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-11 17:04 - 2018-06-15 20:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-11 17:04 - 2018-06-15 20:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-11 17:04 - 2018-06-15 20:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-11 17:04 - 2018-06-15 20:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-11 17:04 - 2018-06-15 20:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-11 17:04 - 2018-06-15 20:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-11 17:04 - 2018-06-15 20:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-11 17:04 - 2018-06-15 20:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-11 17:04 - 2018-06-15 20:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-11 17:04 - 2018-06-15 20:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-11 17:04 - 2018-06-15 20:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 17:04 - 2018-06-15 20:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-11 17:04 - 2018-06-15 20:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-11 17:04 - 2018-06-15 20:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-11 17:04 - 2018-06-15 20:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-11 17:04 - 2018-06-15 20:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-11 17:04 - 2018-06-15 20:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-11 17:04 - 2018-06-15 20:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-11 17:04 - 2018-06-15 18:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-11 17:04 - 2018-06-15 18:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-11 17:04 - 2018-06-15 18:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-11 17:04 - 2018-06-15 18:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-11 17:04 - 2018-06-15 18:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-11 17:04 - 2018-06-15 18:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-11 17:04 - 2018-06-15 18:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-11 17:04 - 2018-06-15 18:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-11 17:04 - 2018-06-15 18:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-11 17:04 - 2018-06-15 18:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-11 17:04 - 2018-06-15 18:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-11 17:04 - 2018-06-15 16:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-11 17:04 - 2018-06-15 10:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-11 17:04 - 2018-06-15 10:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-11 17:04 - 2018-06-15 10:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-11 17:04 - 2018-06-15 08:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-11 17:04 - 2018-06-15 08:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-11 17:04 - 2018-06-15 08:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-11 17:04 - 2018-06-15 08:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-11 17:04 - 2018-06-15 08:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-11 17:04 - 2018-06-15 08:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-11 17:04 - 2018-06-15 08:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-11 17:04 - 2018-06-15 08:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-11 17:04 - 2018-06-15 08:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-11 17:04 - 2018-06-15 08:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-11 17:04 - 2018-06-15 08:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-11 17:04 - 2018-06-15 08:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-11 17:04 - 2018-06-15 08:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-11 17:04 - 2018-06-15 08:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-11 17:04 - 2018-06-15 08:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-11 17:04 - 2018-06-15 08:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-11 17:04 - 2018-06-15 08:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-11 17:04 - 2018-06-15 08:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-11 17:04 - 2018-06-15 08:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-11 17:04 - 2018-06-15 08:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-11 17:04 - 2018-06-15 08:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-11 17:04 - 2018-06-15 08:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-11 17:04 - 2018-06-15 08:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-11 17:04 - 2018-06-15 07:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-11 17:04 - 2018-06-15 07:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-11 17:04 - 2018-06-15 07:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-11 17:04 - 2018-06-15 07:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-11 17:04 - 2018-06-15 07:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-11 17:04 - 2018-06-15 07:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-07-11 17:04 - 2018-06-15 07:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 17:04 - 2018-06-15 07:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-11 17:04 - 2018-06-15 07:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 17:04 - 2018-06-15 07:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 17:04 - 2018-06-15 07:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 17:04 - 2018-06-15 07:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 17:04 - 2018-06-15 07:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 17:04 - 2018-06-15 07:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 17:04 - 2018-06-15 07:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 17:04 - 2018-06-15 07:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 17:04 - 2018-06-15 07:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 17:04 - 2018-06-15 07:37 - 001069056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-07-11 17:04 - 2018-06-15 07:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 17:04 - 2018-06-15 07:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 17:04 - 2018-06-01 08:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-11 17:04 - 2018-05-20 14:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-11 17:04 - 2018-05-20 14:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-11 15:18 - 2018-07-17 12:13 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-11 15:18 - 2018-07-11 15:18 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-11 15:18 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-10 10:20 - 2018-07-10 10:20 - 000000000 ____D C:\ProgramData\Packages
2018-07-04 16:54 - 2018-07-04 16:54 - 000000000 _____ C:\Users\Fadi\java-version
2018-06-25 23:24 - 2018-06-25 23:24 - 002072576 _____ C:\Users\Fadi\Downloads\Yesser SDLC - Overall SDLC Process Diagram.vsd
2018-06-23 21:07 - 2018-06-23 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-06-23 21:02 - 2018-06-23 21:04 - 160385336 _____ (Apple Inc.) C:\Users\Fadi\Downloads\iCloudSetup.exe
2018-06-23 20:29 - 2018-06-23 20:30 - 000000063 _____ C:\Users\Fadi\Desktop\Apple.txt
2018-06-23 13:53 - 2018-06-23 13:53 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-23 13:53 - 2018-06-23 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-23 13:53 - 2018-06-23 13:53 - 000000000 ____D C:\Program Files\iPod
2018-06-23 13:52 - 2018-06-23 13:53 - 000000000 ____D C:\Program Files\iTunes
2018-06-23 13:42 - 2018-06-23 13:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-06-23 13:42 - 2018-06-23 13:42 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-06-21 21:31 - 2018-06-21 21:31 - 000007456 _____ C:\Users\Fadi\Desktop\Chat Window.html
2018-06-21 21:31 - 2018-06-21 21:31 - 000000000 ____D C:\Users\Fadi\Desktop\Chat Window_files
2018-06-18 19:48 - 2018-07-11 16:23 - 000000000 ____D C:\Users\Fadi\Documents\My Kindle Content
2018-06-18 19:48 - 2018-06-18 19:48 - 000002342 _____ C:\Users\Fadi\Desktop\Kindle.lnk
2018-06-18 19:48 - 2018-06-18 19:48 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2018-06-18 19:47 - 2018-06-18 19:48 - 000000000 ____D C:\Users\Fadi\AppData\Local\Amazon
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-17 12:35 - 2015-12-05 13:24 - 000000000 _____ C:\WINDOWS\erunt.exe
2018-07-17 12:18 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-17 12:13 - 2017-01-30 06:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-17 12:10 - 2015-07-12 06:47 - 000000000 ____D C:\ProgramData\TEMP
2018-07-17 11:59 - 2015-12-11 07:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-07-17 11:55 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-17 11:55 - 2015-12-11 07:29 - 000000000 __RSD C:\Users\Fadi\Documents\McAfee Vaults
2018-07-17 11:55 - 2015-08-22 20:36 - 000000000 __SHD C:\Users\Fadi\IntelGraphicsProfiles
2018-07-17 11:54 - 2017-08-04 06:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-17 11:53 - 2018-05-20 00:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-17 11:53 - 2017-08-04 06:54 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-17 11:52 - 2018-04-12 00:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-17 11:45 - 2016-03-19 08:19 - 000000000 ____D C:\Users\Fadi\Desktop\mine
2018-07-17 11:27 - 2018-05-19 23:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-17 10:50 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-17 10:46 - 2017-12-11 11:44 - 000000000 ____D C:\Users\Fadi\AppData\Local\Packages
2018-07-17 09:33 - 2015-07-12 06:46 - 000000000 ____D C:\ProgramData\Lenovo App Services
2018-07-17 07:12 - 2015-09-12 07:45 - 000000000 ____D C:\Users\Fadi\AppData\Local\Adobe
2018-07-16 18:32 - 2018-05-19 23:34 - 000000000 ____D C:\Users\Fadi
2018-07-16 18:32 - 2018-04-12 02:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-16 18:31 - 2018-01-01 00:19 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFadi.job
2018-07-16 18:29 - 2017-08-04 06:53 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-07-16 12:10 - 2018-04-12 02:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-16 07:48 - 2018-05-20 00:02 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3870C77B-96CD-451B-AF08-F559A1E2F9ED}
2018-07-15 23:42 - 2018-05-20 00:02 - 000003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFadi
2018-07-13 18:00 - 2018-05-20 00:02 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3647983885-1338035356-1040962617-1001
2018-07-13 18:00 - 2018-05-19 23:34 - 000002415 _____ C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-13 18:00 - 2015-08-22 20:38 - 000000000 ___RD C:\Users\Fadi\OneDrive
2018-07-13 09:13 - 2016-03-28 09:49 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-13 09:12 - 2015-07-12 06:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-13 09:04 - 2018-05-20 00:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-07-13 09:01 - 2018-02-04 00:43 - 000000000 ____D C:\Users\Fadi\AppData\LocalLow\Lenovo
2018-07-13 09:01 - 2015-07-12 06:45 - 000000000 ____D C:\Program Files\Lenovo
2018-07-13 09:01 - 2015-07-12 06:18 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-07-13 08:55 - 2017-08-04 06:54 - 000000000 ____D C:\ProgramData\Lenovo
2018-07-13 08:55 - 2015-07-12 06:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-07-11 22:04 - 2018-05-19 23:33 - 000931444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 22:03 - 2017-12-11 14:40 - 000000000 ___RD C:\Users\Fadi\3D Objects
2018-07-11 22:03 - 2015-08-22 20:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 22:01 - 2018-05-19 23:25 - 000419672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 22:01 - 2018-04-12 00:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 17:03 - 2015-08-23 20:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-11 17:00 - 2015-08-23 20:32 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 17:19 - 2015-12-11 07:26 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-07-10 10:32 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-07 10:07 - 2015-07-12 06:48 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-07-07 10:06 - 2018-05-20 00:02 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-07-07 10:05 - 2018-05-20 00:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-07-07 10:05 - 2018-04-12 02:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-07-06 08:56 - 2018-05-20 00:02 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-07-01 12:51 - 2018-05-31 01:42 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-29 04:13 - 2018-04-12 02:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-29 04:13 - 2018-04-12 02:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-27 00:01 - 2016-04-23 20:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 00:01 - 2016-04-23 20:04 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-25 19:04 - 2018-01-20 19:31 - 000000000 ____D C:\Users\Fadi\AppData\Local\PlaceholderTileLogoFolder
2018-06-23 21:25 - 2016-04-12 09:13 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Apple Computer
2018-06-23 21:08 - 2016-04-12 09:13 - 000000000 ____D C:\Users\Fadi\AppData\Local\Apple Computer
2018-06-23 21:07 - 2016-04-12 09:11 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-06-23 18:43 - 2017-12-11 14:41 - 000000000 ___HD C:\Users\Fadi\MicrosoftEdgeBackups
2018-06-23 14:05 - 2018-05-20 07:57 - 000000000 ____D C:\Users\Fadi\AppData\Local\D3DSCache
2018-06-23 13:42 - 2016-04-12 09:12 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-06-23 13:25 - 2017-10-25 14:27 - 000000024 _____ C:\Users\Fadi\Desktop\asma_wifi.txt
Some zero byte size files/folders:
==========================
C:\Windows\erunt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-19 23:25
==================== End of FRST.txt ============================

 

 

 

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 7/17/18
Scan Time: 12:19 PM
Log File: 78545a0e-89a2-11e8-afdd-00ff53453fed.json
Administrator: Yes
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5933
License: Trial
-System Information-
OS: Windows 10 (Build 17134.165)
CPU: x64
File System: NTFS
User: LENOVO-PC\Fadi
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 382720
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 11 min, 43 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Fadi (Administrator) on Tue 07/17/2018 at 11:33:26.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 0
 

Registry: 2
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{727BCA2A-54BD-41D4-9947-DC89E3A24837} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF8E4539-6119-4DDD-95D9-18F3158BF767} (Registry Key)
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 07/17/2018 at 11:44:33.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:21 PM

Posted 17 July 2018 - 07:09 AM

Apologies about the AdwCleaner link.


Disable Windows Firewall

McAfee is already protecting your computer and you cannot have 2 firewalls doing the same job.

  • in the ‘Search’ box, type firewall, then select Windows Firewall
  • select Turn Windows Firewall on or off. You might be asked for an admin password or to confirm your choice
  • select the option “Turn off Windows Firewall” for both the private and public network.

Note: If your PC is connected to a network, network policy settings might prevent you from completing these steps. For more info, contact your administrator.

================================================

I’d like you to uninstall and re-install FRST[/b]. Please save it directly to your desktop otherwise fixes won’t work:

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.
  • click the Run button.

Download FRST again from here and don’t forget to save it on the desktop.

================================================

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+c):
Start::
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001 -> DefaultScope {727BCA2A-54BD-41D4-9947-DC89E3A24837} URL =
2018-07-12 11:32 - 2018-07-12 11:32 - 002630064 _____ C:\Users\Fadi\Downloads\Adaware_Installer.exe
2018-07-12 11:32 - 2018-07-12 11:32 - 000000000 ____D C:\ProgramData\adaware
2018-07-17 12:10 - 2015-07-12 06:47 - 000000000 ____D C:\ProgramData\TEMP
2018-07-17 11:54 - 2017-08-04 06:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
CustomCLSID: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ECE3F0D2EF0F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {7B05B187-214D-463D-BCD3-9B79463AAACC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8AB313CE-6401-4CDB-AEC5-F0C7DF5D05C8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8FF6713B-E2F8-47B4-991D-A6AE7BE0F8B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC1771FB-7589-4F52-BDEE-C4EB60E95E45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7E0E24B-2307-4D9C-8FDA-75F47AE712B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CCB4B209-1A94-4B43-AC4D-B5939D8396B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [564]
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Please run FRST again and post the new log.

Logs to include with next post:

Fixlog.txt
New Frst.txt


Can you tell me if you have any reason to suspect that your computer is infected as there are no signs of anything malicious.

Thanks

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 sam_34132

sam_34132
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 17 July 2018 - 08:03 AM

Hi satchfan,

I cannot thank you enough for your help.

The reason why I think my computer was infected is because every now an then my browser gets hijacked and I get directed to a webpage that wants me to accept a prize from Google. the URL is  yowwinnerprize.com. Also my computer shuts down unexpectedly.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Fadi (17-07-2018 15:22:39) Run:1
Running from C:\Users\Fadi\Desktop\mine\Virus
Loaded Profiles: Fadi (Available Profiles: Fadi)
Boot Mode: Normal
==============================================
fixlist content:
*****************
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001 -> DefaultScope {727BCA2A-54BD-41D4-9947-DC89E3A24837} URL =
2018-07-12 11:32 - 2018-07-12 11:32 - 002630064 _____ C:\Users\Fadi\Downloads\Adaware_Installer.exe
2018-07-12 11:32 - 2018-07-12 11:32 - 000000000 ____D C:\ProgramData\adaware
2018-07-17 12:10 - 2015-07-12 06:47 - 000000000 ____D C:\ProgramData\TEMP
2018-07-17 11:54 - 2017-08-04 06:53 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
CustomCLSID: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ECE3F0D2EF0F}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {7B05B187-214D-463D-BCD3-9B79463AAACC} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {8AB313CE-6401-4CDB-AEC5-F0C7DF5D05C8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {8FF6713B-E2F8-47B4-991D-A6AE7BE0F8B3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC1771FB-7589-4F52-BDEE-C4EB60E95E45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C7E0E24B-2307-4D9C-8FDA-75F47AE712B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CCB4B209-1A94-4B43-AC4D-B5939D8396B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [564]
EmptyTemp:
*****************
Processes closed successfully.
"HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
C:\Users\Fadi\Downloads\Adaware_Installer.exe => moved successfully
C:\ProgramData\adaware => moved successfully
C:\ProgramData\TEMP => moved successfully
C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat => moved successfully
"HKU\S-1-5-21-3647983885-1338035356-1040962617-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-ECE3F0D2EF0F}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B05B187-214D-463D-BCD3-9B79463AAACC}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B05B187-214D-463D-BCD3-9B79463AAACC}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8AB313CE-6401-4CDB-AEC5-F0C7DF5D05C8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8AB313CE-6401-4CDB-AEC5-F0C7DF5D05C8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8FF6713B-E2F8-47B4-991D-A6AE7BE0F8B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FF6713B-E2F8-47B4-991D-A6AE7BE0F8B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC1771FB-7589-4F52-BDEE-C4EB60E95E45}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC1771FB-7589-4F52-BDEE-C4EB60E95E45}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C7E0E24B-2307-4D9C-8FDA-75F47AE712B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C7E0E24B-2307-4D9C-8FDA-75F47AE712B9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCB4B209-1A94-4B43-AC4D-B5939D8396B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCB4B209-1A94-4B43-AC4D-B5939D8396B3}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"C:\ProgramData\TEMP" => ":B3503B59" ADS not found.
=========== EmptyTemp: ==========
BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 340234044 B
Java, Flash, Steam htmlcache => 11827 B
Windows/system/drivers => 12295249 B
Edge => 379099666 B
Chrome => 286144289 B
Firefox => 0 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 213369 B
systemprofile32 => 4917733 B
LocalService => 18122 B
LocalService => 0 B
NetworkService => 0 B
NetworkService => 0 B
Fadi => 110403896 B
RecycleBin => 0 B
EmptyTemp: => 1.1 GB temporary data Removed.
================================

The system needed a reboot.
==== End of Fixlog 15:26:22 ====

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by Fadi (administrator) on LENOVO-PC (17-07-2018 15:44:40)
Running from C:\Users\Fadi\Desktop\mine\Virus
Loaded Profiles: Fadi (Available Profiles: Fadi)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\WTabletServiceISD.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\HidMonitorSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
() C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\MultiMode\MultiModeService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\avfaudiosw.exe
() C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Lenovo.) C:\Windows\System32\LPlatSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Wacom Technology) C:\Program Files\Tablet\ISD\WacomHost.exe
(EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\ISD\ISD_Tablet.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_5\mcapexe.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(McAfee, Inc.) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Copyright 2017.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
() C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 120 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc.) C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\tpknrres.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\cammute.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\vcamsvchlpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrsvc.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo) C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [209664 2015-05-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [335176 2015-10-26] (Alps Electric Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-13] (NVIDIA Corporation)
HKLM\...\Run: [TpShocks] => C:\WINDOWS\system32\TpShocks.exe [555760 2014-12-09] (Lenovo.)
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [341448 2014-11-07] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] => C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937928 2014-12-11] (Lenovo)
HKLM\...\Run: [LMCSSTART1] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,InitSubsystemProcesses
HKLM\...\Run: [LMCSSTART2] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libstartstub2.dll,ProxyStart
HKLM\...\Run: [LMCSSTART3] => C:\windows\SysWOW64\lmcfrundll.exe C:\Program Files\Lenovo\Communications Utility\libmcsrdllb.dll,SetupCamplusDrop
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-05-22] (Apple Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-31] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598040 2016-06-23] (Oracle Corporation)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [533616 2017-02-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [324720 2017-02-16] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-07-13] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [HP ENVY 120 series (NET)] => C:\Program Files\HP\HP ENVY 120 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [HP OfficeJet 4650 series (NET)] => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\ScanToPCActivationApp.exe [3770504 2017-04-07] (HP Inc.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-05-23] (Apple Inc.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Run: [DragonAssistant] => C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistant.exe [974304 2015-11-12] (Nuance Communications, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TSC_SI_13.lnk [2017-03-18]
ShortcutTarget: TSC_SI_13.lnk -> C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 120 series (Network).lnk [2016-03-19]
ShortcutTarget: Monitor Ink Alerts - HP ENVY 120 series (Network).lnk -> C:\Program Files\HP\HP ENVY 120 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{53453fed-9911-4601-b2a6-4f64a745591b}: [DhcpNameServer] 10.30.0.1
Tcpip\..\Interfaces\{7e553e39-60c0-41d4-99c1-ebb245eab241}: [DhcpNameServer] 86.51.34.24 86.51.35.24
Tcpip\..\Interfaces\{9a592090-7ddf-47b3-81af-c73d93ed96d6}: [DhcpNameServer] 172.168.127.2
Tcpip\..\Interfaces\{c8533c10-5731-4bc8-8b47-3c829cd2d633}: [DhcpNameServer] 172.20.10.1
Internet Explorer:
==================
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-12] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_102\bin\ssv.dll [2016-09-12] (Oracle Corporation)
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_102\bin\jp2ssv.dll [2016-09-12] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll [2016-09-26] (Oracle Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-09-26] (Oracle Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-07-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2018-06-05] (McAfee, Inc.)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2018-06-15] (McAfee, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-16] (Citrix Systems, Inc.)
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi [2018-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\e10ssaffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-07-07] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\dtplugin\npDeployJava1.dll [2016-09-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.102.2 -> C:\Program Files\Java\jre1.8.0_102\bin\plugin2\npjp2.dll [2016-09-12] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-07-13] (Adobe Systems)
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-02-16] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-09-26] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-06-15] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-07-13] (Adobe Systems)
Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=D211US0G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default [2018-07-17]
CHR Extension: (Slides) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-23]
CHR Extension: (YouTube) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-23]
CHR Extension: (Sheets) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2018-07-09]
CHR Extension: (Google Docs Offline) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-23]
CHR Extension: (Cisco Jabber Guest) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbglbakaieakcdiaiabbihafndhapfki [2018-07-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-23]
CHR Extension: (Gmail) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-23]
CHR Extension: (Chrome Media Router) - C:\Users\Fadi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-06-19]
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\Apoint2K\HidMonitorSvc.exe [102224 2015-10-26] (Alps Electric Co., Ltd.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-04-27] (Apple Inc.)
R2 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [560584 2015-01-21] (Lenovo Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-04-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-30] (Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc.)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4259808 2015-11-12] (Nuance Communications, Inc.)
R2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [9872688 2018-07-12] (EnigmaSoft Limited)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [828656 2013-11-19] (Condusiv Technologies)
R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2017-11-22] ()
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-13] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [333688 2018-06-13] (HP Inc.)
R2 HPTouchpointAnalyticsService; C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe [332216 2017-11-22] (HP Inc.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-14] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373736 2017-11-10] (Intel Corporation)
R2 ImControllerService; C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [71408 2018-05-16] (Lenovo Group Limited)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-14] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [95624 2015-01-24] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 Lenovo MultiMode Service; C:\Program Files (x86)\Lenovo\MultiMode\MultiModeService.exe [1792968 2015-01-30] (Lenovo Group Limited)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [2019272 2015-02-09] (Lenovo Group Limited)
R3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [626120 2015-01-21] (Lenovo Corporation)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [115184 2014-07-09] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [22576 2014-02-22] (Lenovo)
S3 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [475080 2015-01-21] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [469720 2015-01-10] ()
R2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [774560 2018-03-28] (Lenovo.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [273232 2016-06-03] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-03] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [604824 2018-06-05] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_5\McApExe.exe [728808 2018-06-12] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\\McCSPServiceHost.exe [2141912 2018-04-06] (McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [359888 2018-04-24] (McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [519120 2018-04-24] (McAfee, LLC)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [473552 2018-04-24] (McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1689952 2018-06-05] (McAfee, Inc.)
S3 MsMpiLaunchSvc; C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe [27760 2016-06-13] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 O2FLASH; C:\WINDOWS\System32\drivers\o2flash.exe [90792 2015-06-04] (BayHubTech/O2Micro International)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1047448 2018-05-30] (McAfee, Inc.)
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61232 2014-12-05] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [328488 2014-12-05] (Lenovo Group Limited)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-06-25] (Realtek Semiconductor)
S3 ShareItSvc; C:\Program Files (x86)\Lenovo\SHAREit\Shareit.Service.exe [31176 2016-01-21] (SHAREit Technologies Co.Ltd)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [538416 2018-07-12] (EnigmaSoft Limited)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336064 2016-04-27] (Dell SonicWALL, Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-04] (Microsoft Corporation) [File not signed]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3661096 2015-09-15] (TechSmith Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [129144 2017-08-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
R2 WTabletServiceISD; C:\Program Files\Tablet\ISD\WTabletServiceISD.exe [719080 2015-06-27] (Wacom Technology, Corp.)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77216 2018-05-16] (McAfee, LLC)
R1 DNE; C:\WINDOWS\system32\DRIVERS\dnelwf64.sys [327976 2015-10-15] (Citrix Systems, Inc.)
R3 EnigmaFileMonDriver; C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys [61624 2018-07-17] (EnigmaSoft Limited)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R1 excfs; C:\WINDOWS\System32\DRIVERS\excfs.sys [25840 2013-11-19] (Condusiv Technologies)
R0 excsd; C:\WINDOWS\System32\DRIVERS\excsd.sys [117488 2013-11-19] (Condusiv Technologies)
S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2017-11-22] ()
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [226984 2018-05-02] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-14] (Intel Corporation)
R0 IntelHSWPcc; C:\WINDOWS\System32\drivers\IntelPcc.sys [79016 2014-08-05] (Intel Corporation)
R3 LnvHIDHW; C:\WINDOWS\System32\drivers\LnvHIDHW.sys [29496 2014-04-08] (Lenovo)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-07-17] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-07-17] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-07-17] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-07-17] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-07-17] (Malwarebytes)
R2 McPvDrv; C:\WINDOWS\system32\drivers\McPvDrv.sys [105824 2018-05-02] (McAfee, Inc.)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [497568 2018-05-16] (McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [361888 2018-05-16] (McAfee, LLC)
U3 mfeavfk01; no ImagePath
U3 mfeavfk02; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83952 2018-05-16] (McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [533408 2018-05-16] (McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [954784 2018-05-16] (McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [550288 2018-05-03] (McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108944 2018-05-03] (McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [115616 2018-05-16] (McAfee, LLC)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252832 2018-05-16] (McAfee, LLC)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [41688 2014-10-31] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7638536 2017-10-29] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_0c302db02059f37d\nvlddmkm.sys [17038280 2018-02-07] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\WINDOWS\System32\drivers\O2FJ2x64.sys [209936 2015-06-04] (BayHubTech/O2Micro )
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [43216 2018-03-28] (Lenovo.)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3054848 2015-05-19] (Realtek Semiconductor Corp.)
R2 SWIPsec; C:\WINDOWS\system32\Drivers\SWIPsec.sys [110024 2016-04-27] (Dell SonicWALL, Inc.)
R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2017-11-22] (The OpenVPN Project)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-04-01] (Intel Corporation)
R3 WacHidRouter; C:\WINDOWS\system32\DRIVERS\wachidrouter_isd.sys [97512 2015-06-27] (Wacom Technology, Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-07-12] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-07-12] (Zemana Ltd.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-17 15:30 - 2018-07-17 15:40 - 000000000 ____D C:\ProgramData\TEMP
2018-07-17 15:28 - 2018-07-17 15:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-17 15:28 - 2018-07-17 15:28 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TouchPad
2018-07-17 15:22 - 2018-07-17 15:44 - 000000000 ____D C:\FRST
2018-07-17 15:22 - 2018-07-17 15:22 - 000000000 _____ C:\WINDOWS\erunt.exe
2018-07-17 15:22 - 2018-07-17 15:22 - 000000000 _____ C:\WINDOWS\erdntwin.loc
2018-07-17 15:22 - 2018-07-17 15:22 - 000000000 _____ C:\WINDOWS\erdntdos.loc
2018-07-17 15:22 - 2018-07-17 15:22 - 000000000 _____ C:\WINDOWS\erdnt.e_e
2018-07-17 15:20 - 2018-07-17 15:20 - 000000327 _____ C:\DelFix.txt
2018-07-17 12:13 - 2018-07-17 15:28 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-07-17 12:13 - 2018-07-17 15:28 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-07-17 12:13 - 2018-07-17 15:28 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-07-17 12:13 - 2018-07-17 15:28 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-07-17 12:13 - 2018-07-17 12:13 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-07-17 12:13 - 2018-07-17 12:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-07-17 11:03 - 2018-07-17 11:49 - 000000153 _____ C:\Users\Fadi\Desktop\bleepingcomputer.txt
2018-07-17 09:38 - 2018-07-17 15:05 - 000000000 ____D C:\Users\Fadi\Desktop\iTunes Crash Logs
2018-07-16 22:09 - 2018-07-17 15:25 - 000003606 _____ C:\WINDOWS\System32\Tasks\McAfee DAT Built in test
2018-07-16 18:47 - 2018-07-16 18:47 - 000000000 ____D C:\Users\Fadi\AppData\LocalLow\Cisco
2018-07-16 18:46 - 2018-07-16 18:46 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Cisco Systems, Inc
2018-07-16 18:44 - 2018-07-16 18:45 - 010641408 _____ C:\Users\Fadi\Downloads\JabberGuest-add-on_for_Windows-Version_11.0.2.7.msi
2018-07-16 18:21 - 2017-11-10 10:02 - 039861304 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 038903896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 034824472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd11dxva32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 029101568 _____ (Intel Corporation) C:\WINDOWS\system32\common_clang64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 019861504 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\common_clang32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 015477976 _____ (Intel Corporation) C:\WINDOWS\system32\igc64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 013650432 _____ (Intel Corporation) C:\WINDOWS\system32\ig8icd64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 013483192 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igc32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 013062776 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 010329088 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig8icd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 005683712 _____ (Intel Corporation) C:\WINDOWS\system32\igdmcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 005262848 _____ (Intel Corporation) C:\WINDOWS\system32\GfxResources.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 005137808 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004931072 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004368896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004268528 _____ (Intel Corporation) C:\WINDOWS\system32\igd12umd64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 004240208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd12umd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 003972096 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 002393160 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001858632 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001816712 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001814056 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001590784 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001178624 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 001023976 _____ C:\WINDOWS\system32\igfxSDK.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000968160 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000964576 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000705024 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000502760 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000466912 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000449000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelCpHDCPSvc.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000438784 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000416256 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000389632 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000388608 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000318464 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000312296 _____ (Intel Corporation) C:\WINDOWS\system32\igd10idpp64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000297160 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10idpp32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000273408 _____ C:\WINDOWS\system32\igfxCPL.cpl
2018-07-16 18:21 - 2017-11-10 10:02 - 000266240 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000254976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000242152 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000236520 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000235008 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4835.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000232416 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000231904 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000225280 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000222728 _____ (Intel Corporation) C:\WINDOWS\system32\igdde64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000205344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000193024 _____ (Intel Corporation) C:\WINDOWS\system32\igdail64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000183976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000182952 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000181832 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdde32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000175584 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2018-07-16 18:21 - 2017-11-10 10:02 - 000173568 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdail32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000160264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000160264 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000111616 _____ ( ) C:\WINDOWS\system32\igfxSDKLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000103936 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000103424 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000100864 _____ ( ) C:\WINDOWS\system32\igfxSDKLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000099840 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000095232 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000084992 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000052736 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000029184 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000029184 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000027648 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000027648 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000022528 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000022528 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2018-07-16 18:21 - 2017-11-10 10:02 - 000004862 _____ C:\WINDOWS\system32\iglhxs64.vp
2018-07-16 18:20 - 2018-03-28 22:44 - 000832416 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
2018-07-16 18:20 - 2018-03-28 22:44 - 000774560 _____ (Lenovo.) C:\WINDOWS\system32\LPlatSvc.exe
2018-07-16 18:20 - 2018-03-28 22:44 - 000543648 _____ (Lenovo.) C:\WINDOWS\system32\tpinspm.dll
2018-07-16 18:20 - 2018-03-28 22:44 - 000104352 _____ (Lenovo.) C:\WINDOWS\system32\ibmpmctl.exe
2018-07-16 18:20 - 2018-03-28 22:44 - 000043216 _____ (Lenovo.) C:\WINDOWS\system32\Drivers\pmdrvs.sys
2018-07-13 09:13 - 2018-07-13 09:13 - 000002496 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio.lnk
2018-07-13 09:13 - 2018-07-13 09:13 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-13 09:13 - 2018-07-13 09:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-07-13 09:09 - 2018-07-17 15:33 - 000007019 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-07-13 08:57 - 2018-07-13 08:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2018-07-13 08:57 - 2018-05-16 04:30 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-07-13 08:57 - 2018-05-16 04:30 - 000053488 _____ (Lenovo Group Limited) C:\WINDOWS\system32\ImController.InfInstaller.exe
2018-07-13 08:56 - 2018-05-16 04:30 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\WudfUpdate_02000.dll
2018-07-13 08:56 - 2018-05-16 04:29 - 000425200 _____ (Lenovo Group Limited) C:\WINDOWS\system32\iMDriverHelper.dll
2018-07-12 13:19 - 2018-07-17 15:28 - 000061624 _____ (EnigmaSoft Limited) C:\WINDOWS\system32\Drivers\EnigmaFileMonDriver.sys
2018-07-12 13:19 - 2018-07-12 13:19 - 000001066 _____ C:\Users\Public\Desktop\SpyHunter5.lnk
2018-07-12 13:19 - 2018-07-12 13:19 - 000000000 ____D C:\sh5ldr
2018-07-12 13:19 - 2018-07-12 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EnigmaSoft
2018-07-12 13:19 - 2018-07-12 13:19 - 000000000 ____D C:\ProgramData\EnigmaSoft Limited
2018-07-12 13:17 - 2018-07-12 13:17 - 000000000 ____D C:\Program Files\EnigmaSoft
2018-07-12 12:53 - 2018-07-12 12:53 - 000000000 _____ C:\WINDOWS\Minidump\071218-43062-01.dmp
2018-07-12 11:42 - 2018-07-17 15:49 - 000537040 _____ C:\WINDOWS\ZAM.krnl.trace
2018-07-12 11:42 - 2018-07-17 15:49 - 000093972 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-07-12 11:42 - 2018-07-12 11:42 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-07-12 11:42 - 2018-07-12 11:42 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-07-12 11:42 - 2018-07-12 11:42 - 000001232 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2018-07-12 11:42 - 2018-07-12 11:42 - 000000000 ____D C:\Users\Fadi\AppData\Local\Zemana
2018-07-12 11:42 - 2018-07-12 11:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2018-07-12 11:42 - 2018-07-12 11:42 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-07-11 17:05 - 2018-07-06 16:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-11 17:05 - 2018-07-06 16:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-11 17:05 - 2018-07-06 14:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-11 17:05 - 2018-07-06 14:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-11 17:05 - 2018-07-06 10:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-11 17:05 - 2018-07-06 10:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-11 17:05 - 2018-07-06 10:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-11 17:05 - 2018-07-06 10:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-11 17:05 - 2018-07-06 10:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-11 17:05 - 2018-07-06 10:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-11 17:05 - 2018-07-06 10:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-11 17:05 - 2018-07-06 09:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-11 17:05 - 2018-07-06 09:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-11 17:05 - 2018-07-06 09:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-11 17:05 - 2018-06-15 20:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-11 17:05 - 2018-06-15 20:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-11 17:05 - 2018-06-15 18:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-11 17:05 - 2018-06-15 18:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-11 17:05 - 2018-06-15 08:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-11 17:05 - 2018-06-15 08:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-11 17:05 - 2018-06-15 08:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-11 17:05 - 2018-06-15 08:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-11 17:05 - 2018-06-15 08:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-11 17:05 - 2018-06-15 08:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-11 17:05 - 2018-06-15 08:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-11 17:05 - 2018-06-15 08:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-11 17:05 - 2018-06-15 08:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-11 17:05 - 2018-06-15 08:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-11 17:05 - 2018-06-15 07:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 17:05 - 2018-06-15 07:44 - 005746688 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2018-07-11 17:05 - 2018-06-15 07:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 17:05 - 2018-06-15 07:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 17:04 - 2018-07-06 17:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 17:04 - 2018-07-06 17:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 17:04 - 2018-07-06 17:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-11 17:04 - 2018-07-06 17:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-11 17:04 - 2018-07-06 17:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-11 17:04 - 2018-07-06 16:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-11 17:04 - 2018-07-06 16:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-11 17:04 - 2018-07-06 16:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-11 17:04 - 2018-07-06 16:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-11 17:04 - 2018-07-06 16:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-11 17:04 - 2018-07-06 16:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-11 17:04 - 2018-07-06 16:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-11 17:04 - 2018-07-06 16:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-11 17:04 - 2018-07-06 16:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-11 17:04 - 2018-07-06 16:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-11 17:04 - 2018-07-06 16:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-11 17:04 - 2018-07-06 15:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-11 17:04 - 2018-07-06 14:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-11 17:04 - 2018-07-06 14:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-11 17:04 - 2018-07-06 14:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-11 17:04 - 2018-07-06 14:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-11 17:04 - 2018-07-06 14:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-11 17:04 - 2018-07-06 14:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-11 17:04 - 2018-07-06 14:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-11 17:04 - 2018-07-06 14:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-11 17:04 - 2018-07-06 14:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-11 17:04 - 2018-07-06 14:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-11 17:04 - 2018-07-06 10:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-11 17:04 - 2018-07-06 10:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-11 17:04 - 2018-07-06 10:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-11 17:04 - 2018-07-06 10:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-11 17:04 - 2018-07-06 10:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-11 17:04 - 2018-07-06 10:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-11 17:04 - 2018-07-06 10:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-11 17:04 - 2018-07-06 10:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-11 17:04 - 2018-07-06 10:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-11 17:04 - 2018-07-06 10:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-11 17:04 - 2018-07-06 10:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-11 17:04 - 2018-07-06 10:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-11 17:04 - 2018-07-06 10:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-11 17:04 - 2018-07-06 10:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-11 17:04 - 2018-07-06 10:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-11 17:04 - 2018-07-06 10:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-11 17:04 - 2018-07-06 10:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-11 17:04 - 2018-07-06 10:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-11 17:04 - 2018-07-06 10:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-11 17:04 - 2018-07-06 10:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-11 17:04 - 2018-07-06 10:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-11 17:04 - 2018-07-06 10:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-11 17:04 - 2018-07-06 10:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-11 17:04 - 2018-07-06 10:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-11 17:04 - 2018-07-06 10:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-11 17:04 - 2018-07-06 10:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-11 17:04 - 2018-07-06 10:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-11 17:04 - 2018-07-06 10:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-11 17:04 - 2018-07-06 10:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-11 17:04 - 2018-07-06 10:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-11 17:04 - 2018-07-06 10:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-11 17:04 - 2018-07-06 09:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-11 17:04 - 2018-07-06 09:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-11 17:04 - 2018-07-06 09:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-11 17:04 - 2018-07-06 09:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-11 17:04 - 2018-07-06 09:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-11 17:04 - 2018-07-06 09:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-11 17:04 - 2018-07-06 09:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-11 17:04 - 2018-07-06 09:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-11 17:04 - 2018-07-06 09:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-11 17:04 - 2018-07-06 09:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-11 17:04 - 2018-07-06 08:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-11 17:04 - 2018-06-29 07:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-11 17:04 - 2018-06-15 20:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-11 17:04 - 2018-06-15 20:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-11 17:04 - 2018-06-15 20:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-11 17:04 - 2018-06-15 20:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-11 17:04 - 2018-06-15 20:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-11 17:04 - 2018-06-15 20:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-11 17:04 - 2018-06-15 20:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-11 17:04 - 2018-06-15 20:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-11 17:04 - 2018-06-15 20:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-11 17:04 - 2018-06-15 20:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-11 17:04 - 2018-06-15 20:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-11 17:04 - 2018-06-15 20:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-11 17:04 - 2018-06-15 20:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-11 17:04 - 2018-06-15 20:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-11 17:04 - 2018-06-15 20:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-11 17:04 - 2018-06-15 20:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-11 17:04 - 2018-06-15 20:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-11 17:04 - 2018-06-15 20:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-11 17:04 - 2018-06-15 20:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 17:04 - 2018-06-15 20:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-11 17:04 - 2018-06-15 20:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-11 17:04 - 2018-06-15 20:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-11 17:04 - 2018-06-15 20:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-11 17:04 - 2018-06-15 20:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-11 17:04 - 2018-06-15 20:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-11 17:04 - 2018-06-15 20:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-11 17:04 - 2018-06-15 20:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-11 17:04 - 2018-06-15 18:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-11 17:04 - 2018-06-15 18:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-11 17:04 - 2018-06-15 18:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-11 17:04 - 2018-06-15 18:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-11 17:04 - 2018-06-15 18:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-11 17:04 - 2018-06-15 18:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-11 17:04 - 2018-06-15 18:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-11 17:04 - 2018-06-15 18:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-11 17:04 - 2018-06-15 18:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-11 17:04 - 2018-06-15 18:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-11 17:04 - 2018-06-15 18:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-11 17:04 - 2018-06-15 16:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-11 17:04 - 2018-06-15 10:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-11 17:04 - 2018-06-15 10:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-11 17:04 - 2018-06-15 10:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-11 17:04 - 2018-06-15 08:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-11 17:04 - 2018-06-15 08:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-11 17:04 - 2018-06-15 08:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-11 17:04 - 2018-06-15 08:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-11 17:04 - 2018-06-15 08:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-11 17:04 - 2018-06-15 08:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-11 17:04 - 2018-06-15 08:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-11 17:04 - 2018-06-15 08:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-11 17:04 - 2018-06-15 08:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-11 17:04 - 2018-06-15 08:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-11 17:04 - 2018-06-15 08:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-11 17:04 - 2018-06-15 08:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-11 17:04 - 2018-06-15 08:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-11 17:04 - 2018-06-15 08:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-11 17:04 - 2018-06-15 08:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-11 17:04 - 2018-06-15 08:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-11 17:04 - 2018-06-15 08:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-11 17:04 - 2018-06-15 08:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-11 17:04 - 2018-06-15 08:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-11 17:04 - 2018-06-15 08:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-11 17:04 - 2018-06-15 08:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-11 17:04 - 2018-06-15 08:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-11 17:04 - 2018-06-15 08:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-11 17:04 - 2018-06-15 08:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-11 17:04 - 2018-06-15 08:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-11 17:04 - 2018-06-15 08:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-11 17:04 - 2018-06-15 08:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-11 17:04 - 2018-06-15 08:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-11 17:04 - 2018-06-15 08:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-11 17:04 - 2018-06-15 07:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-11 17:04 - 2018-06-15 07:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-11 17:04 - 2018-06-15 07:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-11 17:04 - 2018-06-15 07:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-11 17:04 - 2018-06-15 07:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-11 17:04 - 2018-06-15 07:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 004529664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2018-07-11 17:04 - 2018-06-15 07:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-11 17:04 - 2018-06-15 07:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 17:04 - 2018-06-15 07:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-11 17:04 - 2018-06-15 07:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-11 17:04 - 2018-06-15 07:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 17:04 - 2018-06-15 07:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 17:04 - 2018-06-15 07:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 17:04 - 2018-06-15 07:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 17:04 - 2018-06-15 07:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 17:04 - 2018-06-15 07:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 17:04 - 2018-06-15 07:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 17:04 - 2018-06-15 07:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 17:04 - 2018-06-15 07:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 17:04 - 2018-06-15 07:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 17:04 - 2018-06-15 07:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 17:04 - 2018-06-15 07:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 17:04 - 2018-06-15 07:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 17:04 - 2018-06-15 07:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 17:04 - 2018-06-15 07:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 17:04 - 2018-06-15 07:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 17:04 - 2018-06-15 07:37 - 001069056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-07-11 17:04 - 2018-06-15 07:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 17:04 - 2018-06-15 07:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 17:04 - 2018-06-01 08:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-11 17:04 - 2018-05-20 14:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-11 17:04 - 2018-05-20 14:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-11 15:18 - 2018-07-17 12:13 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-07-11 15:18 - 2018-07-11 15:18 - 000000000 ____D C:\Program Files\Malwarebytes
2018-07-11 15:18 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-07-10 10:20 - 2018-07-10 10:20 - 000000000 ____D C:\ProgramData\Packages
2018-07-04 16:54 - 2018-07-04 16:54 - 000000000 _____ C:\Users\Fadi\java-version
2018-06-25 23:24 - 2018-06-25 23:24 - 002072576 _____ C:\Users\Fadi\Downloads\Yesser SDLC - Overall SDLC Process Diagram.vsd
2018-06-23 21:07 - 2018-06-23 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2018-06-23 21:02 - 2018-06-23 21:04 - 160385336 _____ (Apple Inc.) C:\Users\Fadi\Downloads\iCloudSetup.exe
2018-06-23 20:29 - 2018-06-23 20:30 - 000000063 _____ C:\Users\Fadi\Desktop\Apple.txt
2018-06-23 13:53 - 2018-06-23 13:53 - 000001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-06-23 13:53 - 2018-06-23 13:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-06-23 13:53 - 2018-06-23 13:53 - 000000000 ____D C:\Program Files\iPod
2018-06-23 13:52 - 2018-06-23 13:53 - 000000000 ____D C:\Program Files\iTunes
2018-06-23 13:42 - 2018-06-23 13:42 - 000000000 ____D C:\WINDOWS\System32\Tasks\Apple
2018-06-23 13:42 - 2018-06-23 13:42 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2018-06-21 21:31 - 2018-06-21 21:31 - 000007456 _____ C:\Users\Fadi\Desktop\Chat Window.html
2018-06-21 21:31 - 2018-06-21 21:31 - 000000000 ____D C:\Users\Fadi\Desktop\Chat Window_files
2018-06-18 19:48 - 2018-07-11 16:23 - 000000000 ____D C:\Users\Fadi\Documents\My Kindle Content
2018-06-18 19:48 - 2018-06-18 19:48 - 000002342 _____ C:\Users\Fadi\Desktop\Kindle.lnk
2018-06-18 19:48 - 2018-06-18 19:48 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2018-06-18 19:47 - 2018-06-18 19:48 - 000000000 ____D C:\Users\Fadi\AppData\Local\Amazon
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-07-17 15:43 - 2015-07-12 06:18 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-17 15:43 - 2015-07-12 06:18 - 000000000 ____D C:\ProgramData\Intel
2018-07-17 15:41 - 2015-10-30 09:28 - 000000000 ____D C:\Users\Default.migrated
2018-07-17 15:40 - 2015-07-12 06:29 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-07-17 15:38 - 2018-04-12 02:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-17 15:37 - 2017-08-04 06:53 - 000000000 ____D C:\Program Files\Intel
2018-07-17 15:34 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-17 15:31 - 2015-12-11 07:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2018-07-17 15:29 - 2015-12-11 07:29 - 000000000 __RSD C:\Users\Fadi\Documents\McAfee Vaults
2018-07-17 15:28 - 2015-08-22 20:36 - 000000000 __SHD C:\Users\Fadi\IntelGraphicsProfiles
2018-07-17 15:27 - 2018-05-20 00:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-17 15:27 - 2018-04-12 00:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-17 15:27 - 2017-08-04 06:54 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-17 15:25 - 2017-10-10 04:45 - 000000000 ____D C:\Users\Fadi\AppData\LocalLow\Temp
2018-07-17 14:46 - 2018-05-19 23:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-17 13:58 - 2018-05-20 00:02 - 000004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3870C77B-96CD-451B-AF08-F559A1E2F9ED}
2018-07-17 12:13 - 2017-01-30 06:30 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-07-17 11:55 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-17 11:45 - 2016-03-19 08:19 - 000000000 ____D C:\Users\Fadi\Desktop\mine
2018-07-17 10:50 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-17 10:46 - 2017-12-11 11:44 - 000000000 ____D C:\Users\Fadi\AppData\Local\Packages
2018-07-17 09:33 - 2015-07-12 06:46 - 000000000 ____D C:\ProgramData\Lenovo App Services
2018-07-17 07:12 - 2015-09-12 07:45 - 000000000 ____D C:\Users\Fadi\AppData\Local\Adobe
2018-07-16 18:32 - 2018-05-19 23:34 - 000000000 ____D C:\Users\Fadi
2018-07-16 18:31 - 2018-01-01 00:19 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFadi.job
2018-07-16 18:29 - 2017-08-04 06:53 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-07-16 12:10 - 2018-04-12 02:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-15 23:42 - 2018-05-20 00:02 - 000003236 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFadi
2018-07-13 18:00 - 2018-05-20 00:02 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3647983885-1338035356-1040962617-1001
2018-07-13 18:00 - 2018-05-19 23:34 - 000002415 _____ C:\Users\Fadi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-13 18:00 - 2015-08-22 20:38 - 000000000 ___RD C:\Users\Fadi\OneDrive
2018-07-13 09:13 - 2016-03-28 09:49 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002467 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-13 09:13 - 2016-03-28 09:49 - 000002454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-13 09:12 - 2015-07-12 06:52 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-13 09:04 - 2018-05-20 00:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-07-13 09:01 - 2018-02-04 00:43 - 000000000 ____D C:\Users\Fadi\AppData\LocalLow\Lenovo
2018-07-13 09:01 - 2015-07-12 06:45 - 000000000 ____D C:\Program Files\Lenovo
2018-07-13 09:01 - 2015-07-12 06:18 - 000000000 ____D C:\Program Files (x86)\Lenovo
2018-07-13 08:55 - 2017-08-04 06:54 - 000000000 ____D C:\ProgramData\Lenovo
2018-07-13 08:55 - 2015-07-12 06:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2018-07-11 22:04 - 2018-05-19 23:33 - 000931444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 22:03 - 2017-12-11 14:40 - 000000000 ___RD C:\Users\Fadi\3D Objects
2018-07-11 22:03 - 2015-08-22 20:26 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 22:01 - 2018-05-19 23:25 - 000419672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 22:01 - 2018-04-12 00:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 21:58 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-11 21:58 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 17:03 - 2015-08-23 20:32 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-11 17:00 - 2015-08-23 20:32 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-10 17:19 - 2015-12-11 07:26 - 000000000 ____D C:\Program Files (x86)\McAfee
2018-07-10 10:32 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-07 10:07 - 2015-07-12 06:48 - 000000000 ____D C:\Program Files\Common Files\McAfee
2018-07-07 10:06 - 2018-05-20 00:02 - 000003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2018-07-07 10:05 - 2018-05-20 00:02 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2018-07-07 10:05 - 2018-04-12 02:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-07-06 08:56 - 2018-05-20 00:02 - 000003446 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2018-07-01 12:51 - 2018-05-31 01:42 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-29 04:13 - 2018-04-12 02:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-29 04:13 - 2018-04-12 02:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-27 00:01 - 2016-04-23 20:04 - 000002312 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-27 00:01 - 2016-04-23 20:04 - 000002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-25 19:04 - 2018-01-20 19:31 - 000000000 ____D C:\Users\Fadi\AppData\Local\PlaceholderTileLogoFolder
2018-06-23 21:25 - 2016-04-12 09:13 - 000000000 ____D C:\Users\Fadi\AppData\Roaming\Apple Computer
2018-06-23 21:08 - 2016-04-12 09:13 - 000000000 ____D C:\Users\Fadi\AppData\Local\Apple Computer
2018-06-23 21:07 - 2016-04-12 09:11 - 000000000 ____D C:\Program Files\Common Files\Apple
2018-06-23 18:43 - 2017-12-11 14:41 - 000000000 ___HD C:\Users\Fadi\MicrosoftEdgeBackups
2018-06-23 14:05 - 2018-05-20 07:57 - 000000000 ____D C:\Users\Fadi\AppData\Local\D3DSCache
2018-06-23 13:42 - 2016-04-12 09:12 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2018-06-23 13:25 - 2017-10-25 14:27 - 000000024 _____ C:\Users\Fadi\Desktop\asma_wifi.txt
Some zero byte size files/folders:
==========================
C:\Windows\erunt.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-19 23:25
==================== End of FRST.txt ============================

 

 

 

 

 

 

Thanks,

Fadi


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Fadi (17-07-2018 15:51:00)
Running from C:\Users\Fadi\Desktop\mine\Virus
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-19 21:03:56)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3647983885-1338035356-1040962617-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3647983885-1338035356-1040962617-503 - Limited - Disabled)
Fadi (S-1-5-21-3647983885-1338035356-1040962617-1001 - Administrator - Enabled) => C:\Users\Fadi
Guest (S-1-5-21-3647983885-1338035356-1040962617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3647983885-1338035356-1040962617-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3647983885-1338035356-1040962617-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: McAfee VirusScan (Enabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Enabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
.NET Core SDK 1.1.0 (x64) (HKLM\...\{DF68596E-0F41-41CC-BAD9-9F30A9662D90}) (Version: 4.16.5124 - Microsoft Corporation) Hidden
.NET Core SDK 1.1.0 (x64) (HKLM-x32\...\{67d148ca-6fe2-47ec-bf5c-fbd64345d511}) (Version: 1.1.0 - Microsoft Corporation)
Active Directory Authentication Library for SQL Server (HKLM\...\{52D1FCFD-1052-4D75-B3FB-9906901AFD98}) (Version: 13.1.4001.0 - Microsoft Corporation) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.241 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1_1) (Version: 18.1.1 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\Amazon Kindle) (Version: 1.23.1.50133 - Amazon)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{64695C4A-C68F-46B5-A734-50EBF124A68E}) (Version: 11.3.3.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A30EA700-5515-48F0-88B0-9E99DC356B88}) (Version: 2.6.0.1 - Apple Inc.)
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco Jabber Guest Add-on (HKLM-x32\...\{608D78B2-704C-4D19-9F46-79BEFA32BB7A}) (Version: 11.0.2.7 - Cisco Systems, Inc.)
Citrix Receiver 4.7 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.7.0.13011 - Citrix Systems, Inc.)
Click Install if prompted (HKLM-x32\...\{40830C8E-936E-4E08-AE37-240FF3343927}) (Version: 1.0.6.0 - ExpressVpn) Hidden
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{E598B692-764A-413C-8530-59163D6B4AE3}) (Version: 4.6.01590 - Microsoft Corporation) Hidden
Dependency Package Update (HKLM-x32\...\{3117B53D-A409-4D99-A0DE-11A1A40696FA}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4430150F-61B3-4142-BE04-EAC68C8DDA18}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{4AF6C9BC-D8DB-4286-94D9-474CE54ADAA2}) (Version: 1.6.38.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{503B47A9-E34A-4841-ADD7-417191D5DB5E}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{5BEFE1E1-F597-4B79-913B-15FFDB25B744}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{63DE35C9-B080-4D03-B110-99E14FD35BCE}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{65316098-0220-4D5C-B37A-6136083A0897}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
Dependency Package Update (HKLM-x32\...\{E966DBE4-5075-465E-BA81-BC9A3A3204B3}) (Version: 1.6.32.00 - Lenovo Group Limited) Hidden
DiagnosticsHub_CollectionService (HKLM\...\{37385261-BB10-4DE0-8822-84E1C4997ED2}) (Version: 15.0.26730 - Microsoft Corporation) Hidden
DisplayLink Core Software (HKLM\...\{58F4C39B-D946-4A45-A314-DEFC2AFDF397}) (Version: 7.5.54609.0 - DisplayLink Corp.)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.3.1 - Dolby Laboratories Inc)
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.2.99 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.2.99 - Nuance Communications, Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 15 (HKLM-x32\...\{F8C0447E-D45C-4E52-94E8-C6340AAC9DB8}) (Version: 6.1.60104.0 - Microsoft Corporation) Hidden
ExpressCache (HKLM\...\{44EAE7F6-8BBF-4C3F-A573-3CD5A3C067FA}) (Version: 1.3.110.0 - Condusiv Technologies)
ExpressVPN (HKLM-x32\...\{49637d60-e11c-4446-8a55-b701c47b5c04}) (Version: 6.4.0.3218 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{7F35E1C0-7401-48C8-AD13-175D88A7C38B}) (Version: 6.4.0.3218 - ExpressVPN) Hidden
GFExperience.Deployer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.Deployer) (Version: 3.11.0.73 - NVIDIA Corporation) Hidden
Git version 2.14.1 (HKLM\...\Git_is1) (Version: 2.14.1 - The Git Development Community)
GitHub Desktop (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\GitHubDesktop) (Version: 1.0.0 - GitHub, Inc.)
GlassFish Server Open Source Edition 4.1.1 (HKLM\...\nbi-glassfish-mod-4.1.1.0.1) (Version:  - )
Global VPN Client (HKLM\...\{51E63C85-20E3-49E1-B0F2-4E0431A9CCA4}) (Version: 4.9.14 - Dell SonicWALL)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ENVY 120 series Basic Device Software (HKLM\...\{0E96CEFA-F256-4E54-BB46-34FA4A8847D7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP ENVY 120 series Help (HKLM-x32\...\{B45F1BFE-C8D5-4F09-BD54-90CB32BEDE12}) (Version: 28.0.0 - Hewlett Packard)
HP ENVY 120 series Product Improvement Study (HKLM\...\{E0C8943E-2DA5-4F82-A54E-76157E95AA30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 4650 series Basic Device Software (HKLM\...\{F68DF314-BD12-4549-941C-521CB8D16DDE}) (Version: 40.11.1122.1796 - HP Inc.)
HP OfficeJet 4650 series Help (HKLM-x32\...\{20CA428A-0827-4441-BC64-5C577EA970AD}) (Version: 36.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.6.18.11 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.9.24.3 - HP)
HP Touchpoint Analytics Client (HKLM\...\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}) (Version: 4.0.2.1439 - HP Inc.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{11ED31EC-7EFA-4D56-B71D-E0214C8984CC}) (Version: 12.3.7.0 - HP)
icecap_collection_neutral (HKLM-x32\...\{743913D7-41D9-48C0-977D-FC87743A9BEC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{6BC73140-3CB6-486A-8350-BF35F54EFA19}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{67941F0C-2930-4C3F-983C-1089D2759B42}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{304B71E2-BA3A-419C-B632-3DFBB4AFE42B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
iCloud (HKLM\...\{C8127F91-0244-4FF0-8014-0C432E15E09D}) (Version: 7.5.0.34 - Apple Inc.)
IIS 10.0 Express (HKLM\...\{A54DCC30-E1EA-4912-A7F9-6C5A3AF1FB3A}) (Version: 10.0.1738 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Integrated Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11100 - Realtek Semiconductor Corp.)
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1017 - Intel Corporation)
Intel® Chipset Device Software (HKLM-x32\...\{f5d71765-7cd1-4e68-998f-5b379e725da3}) (Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Intel® Technology Access (HKLM-x32\...\{a3294ccc-6d01-43c2-9249-3f50bd113bb8}) (Version: 1.3.2.1030 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.15 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{4A95F6FA-1263-43D2-9926-5D6F7F359E92}) (Version: 17.1.1434.02 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{a0f22a81-00d1-45d6-9cad-d93c57053e53}) (Version: 20.10.2 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{0A2EDF2C-9A71-43D7-964A-696BB7CEAC65}) (Version: 15.0.25.0 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{BE065D5C-5EB5-4F39-A112-32897C297935}) (Version: 12.7.5.9 - Apple Inc.)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Java 8 Update 102 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180102F0}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 102 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180102}) (Version: 8.0.1020.14 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 131 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180131}) (Version: 8.0.1310.11 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Lenovo App Services (HKLM\...\Lenovo App Services) (Version: 0.200.8.268 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.13 - )
Lenovo HID HW Radio Driver 1.0.0.58 (HKLM\...\{E5325F32-D15A-4131-B029-4A5B7609E532}_is1) (Version: 1.0.0.58 - Lenovo)
Lenovo Multimedia and Communications Core Runtime (HKLM\...\{033DC0E0-DA89-4C33-B66C-89B64D312CD1}_is1) (Version: 5.0.13.94 - Lenovo Corporation)
Lenovo Patch Utility (HKLM-x32\...\{E8F27ADF-B1ED-41AF-A7EF-D5E71778480C}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (HKLM\...\{49A09C2C-FFF4-478E-B397-5E0979F67F5D}) (Version: 1.3.2.6 - Lenovo Group Limited) Hidden
Lenovo Peer Connect SDK (HKLM\...\{75C87855-9CBB-4892-B1A9-74C73A19CACA}_is1) (Version: 1.0.0.7 - Lenovo)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo) Hidden
Lenovo QuickControl (HKLM-x32\...\{ABA0A3F7-649E-4338-BDC9-18437D9699D6}) (Version: 2.40 - Lenovo Group Limited)
Lenovo Settings - Camera Audio (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 4.3.19.209 - Lenovo Corporation)
Lenovo Settings - Location Awareness (HKLM-x32\...\{C79D4402-E622-4922-9C02-89F9080BF081}_is1) (Version: 1.4.0.5 - Lenovo Group Limited)
Lenovo Settings - MultiMode (HKLM-x32\...\{2DCC613D-E94E-4BA6-9642-77C4CA45DB7B}_is1) (Version: 1.1.0.8 - Lenovo Group Limited)
Lenovo Settings Dependency Package (HKLM\...\{3694BA2E-BE31-4B7E-886B-A0B559E69D4D}_is1) (Version: 2.3.3.37 - Lenovo Group Limited)
Lenovo Settings Mobile Hotspot (HKLM\...\{42603F7D-B08D-436B-B0D8-3E2DEF1AFD41}_is1) (Version: 2.3.0.88 - Lenovo)
Lenovo Settings Service (HKLM\...\{8C6F1EBA-17F1-4481-B688-9777E63E985F}_is1) (Version: 2.3.3.10 - Lenovo Group Limited)
Lenovo Settings UMDF driver (HKLM\...\{2BDC7413-65EA-4B99-8C4B-02F11075BE6D}_is1) (Version: 1.2.0.7 - Lenovo Group Limited)
Lenovo Solution Center (HKLM\...\{C1FC707B-AE6B-4DC4-89A5-6628A01F8103}) (Version: 3.3.003.00 - Lenovo)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0032 - Lenovo)
Lenovo USB Graphics (HKLM\...\{E6B1FE9A-CB1E-4096-A0AF-163419CB971C}) (Version: 7.5.54614.0 - Lenovo)
Lenovo USB3.0 to DVI VGA Monitor Adapter (HKLM-x32\...\{454D32AD-C149-49BE-9F2E-8C089C3D6620}) (Version: 1.07.17 - Lenovo)
Lenovo User Guide (HKLM-x32\...\{13F59938-C595-479C-B479-F171AB9AF64F}) (Version: 1.0.0012.00 - Lenovo Group Limited)
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0011.00 - Lenovo)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 16.0 R13 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.7.203 - McAfee, Inc.)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0012.00 - Lenovo Group Limited) Hidden
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0011.00 - Lenovo Group Limited) Hidden
Microsoft AS OLE DB Provider for SQL Server 2016 (HKLM\...\{875FD7AC-E11F-4F3D-BA4E-BCED5E4B78FF}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Azure Authoring Tools - v2.9.5.3 (HKLM\...\{086C537B-DE1A-4A11-8441-6AAF076174B8}) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Compute Emulator - v2.9.5.3 (HKLM\...\Microsoft Azure Compute Emulator - v2.9.5.3) (Version: 2.9.8699.20 - Microsoft Corporation)
Microsoft Azure Libraries for .NET – v2.9 (HKLM\...\{C5C91AA6-3E83-430E-8B7A-6B790083F28D}) (Version: 3.0.0127.060 - Microsoft Corporation)
Microsoft Azure Mobile App SDK V3.0 (HKLM-x32\...\{A1D5A2EC-1BB0-4ED6-97E6-F044400FAFFD}) (Version: 3.0.50407.0 - Microsoft Corporation)
Microsoft Azure PowerShell - September 2016 (HKLM-x32\...\{CB3F8A12-1570-4964-8206-17274AB9EF4D}) (Version: 2.1.0 - Microsoft Corporation)
Microsoft Azure Storage Emulator - v5.1 (HKLM-x32\...\Microsoft Azure Storage Emulator - v5.1) (Version: 5.1.1760.1722 - Microsoft Corporation)
Microsoft Identity Extensions (HKLM\...\{F99F24BF-0B90-463E-9658-3FD2EFC3C992}) (Version: 2.0.1459.0 - Microsoft Corporation)
Microsoft MPI (7.1.12437.25) (HKLM\...\{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}) (Version: 7.1.12437.25 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft Office Home and Business 2016 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft R Client (HKLM\...\{02EFEF35-C9D6-465D-BB0E-EB48B549B3AB}) (Version: 3.3.2.1988 - Microsoft)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{1385D3DB-8E80-427B-91D2-B7535862B8E4}) (Version: 11.3.6518.0 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{9097BF1A-13A0-4A4A-A1F8-473E2A669863}) (Version: 13.1.4001.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM\...\{9BAD8F82-A221-42CE-AFF0-7CAB825790C9}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2017 CTP2.1 (HKLM-x32\...\{F0DD1AA8-44D7-4ACE-AF65-7378EA5D884C}) (Version: 14.0.600.250 - Microsoft Corporation)
Microsoft Visio Standard 2016 - en-us (HKLM\...\VisioStdRetail - en-us) (Version: 16.0.10228.20104 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2017 (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 1.11.33288.831 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{65C71B09-C33D-4F60-93EA-DF3AD1D40600}) (Version: 10.0.1981 - Microsoft Corporation)
MSI Development Tools (HKLM-x32\...\{E45B775D-8842-EC86-ED84-B740D52E6462}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
NetBeans IDE 8.2 (HKLM\...\nbi-nb-base-8.2.0.0.201609300101) (Version: 8.2 - NetBeans.org)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
O2Micro Flash Memory Card Windows Driver (HKLM\...\{F944A022-6C4B-4487-86E9-738D2D68650D}) (Version: 3.3.00.116 - O2Micro International LTD.) Hidden
O2Micro Flash Memory Card Windows Driver (HKLM-x32\...\InstallShield_{F944A022-6C4B-4487-86E9-738D2D68650D}) (Version: 3.3.00.116 - O2Micro International LTD.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20104 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.51.00 - )
Online Plug-in (HKLM-x32\...\{EACEB844-8CDD-4F3B-9EA2-E299741D1652}) (Version: 14.7.0.13011 - Citrix Systems, Inc.) Hidden
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Product Improvement Study for HP OfficeJet 4650 series (HKLM\...\{4C6A5272-AB0C-4913-8E66-C7B408C761A4}) (Version: 40.11.1122.1796 - HP Inc.)
Python 3.6.1 (Anaconda3 4.4.0 64-bit) (HKLM\...\Python 3.6.1 (Anaconda3 4.4.0 64-bit)) (Version: 4.4.0 - Continuum Analytics, Inc.)
Python 3.6.2 (64-bit) (HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\...\{f71cfe9a-4a67-48a6-844b-571a76b33d33}) (Version: 3.6.2150.0 - Python Software Foundation)
Python 3.6.2 Core Interpreter (64-bit symbols) (HKLM\...\{945357E1-6DEF-4AFF-A850-436BCB4436F6}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Core Interpreter (64-bit) (HKLM\...\{DBBB1BBC-A398-4262-9C25-D7A6E9B06841}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Development Libraries (64-bit) (HKLM\...\{7EC331E8-5683-4B2B-A22B-5925DBE5E06E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Documentation (64-bit) (HKLM\...\{978543A0-731D-4BEF-9CB6-9835B1DFFB33}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (64-bit symbols) (HKLM\...\{D3CF3208-359F-43D5-934A-C8F0C041441D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Executables (64-bit) (HKLM\...\{90A9D089-DB6E-48DC-9EEC-7F2229B2DFF0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 pip Bootstrap (64-bit) (HKLM\...\{4FF902DF-D960-4A78-9C04-9D8E1CC33149}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (64-bit symbols) (HKLM\...\{28AC6C7B-38C1-4723-9E72-52FD1AD415C7}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Standard Library (64-bit) (HKLM\...\{1D2E9660-8DD7-4830-AFA6-5EC160F37A4E}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (64-bit symbols) (HKLM\...\{9B506A0E-10D4-4B1D-AE7A-CADDDAF73F39}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Tcl/Tk Support (64-bit) (HKLM\...\{27B26342-82FB-4CA4-9ADB-D09982631CB0}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (64-bit symbols) (HKLM\...\{749C57BE-1822-465B-8332-9CBE341B83DA}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Test Suite (64-bit) (HKLM\...\{9EE8E58D-3021-40C5-8FBB-BF3A91A0B44D}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python 3.6.2 Utility Scripts (64-bit) (HKLM\...\{907B8BA6-C91D-4A8E-8237-828BFAB77C63}) (Version: 3.6.2150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{2636F1E4-2BC5-4B19-BFFD-A08F72598309}) (Version: 3.6.6032.0 - Python Software Foundation)
REACHit (HKLM-x32\...\{4532E4C5-C84D-4040-A044-ECFCC5C6995B}) (Version: 2.5.005.12 - Lenovo)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Self-service Plug-in (HKLM-x32\...\{5D678EB8-64FD-4681-AACF-3D18FBCA77A3}) (Version: 4.7.0.15674 - Citrix Systems, Inc.) Hidden
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 3.2.0.543 - Lenovo)
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 16.18.9 - NVIDIA Corporation) Hidden
Snagit 13 (HKLM-x32\...\{99cd7d37-46bf-44d7-857e-7514a1bd3e83}) (Version: 13.1.1.7662 - TechSmith Corporation)
Snagit 13 (HKLM-x32\...\{B6369D04-6B02-4C63-85C5-46C09D0787EE}) (Version: 13.1.1 - TechSmith Corporation) Hidden
Split Tunneling Driver (HKLM-x32\...\{F078B0B5-2F41-42C2-9162-B8C628D5E6FE}) (Version: 1.0.0.0 - ExpressVpn) Hidden
sptools_Microsoft.VisualStudio.OfficeDeveloperTools.Msi (HKLM-x32\...\{72BA31CD-9667-422B-A8A4-65C248E06222}) (Version: 15.0.26501 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi (HKLM-x32\...\{CD08D2FC-15E2-4B11-A824-091CD344612E}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.Resources (HKLM-x32\...\{6F410B16-8B46-43AF-BC73-C43EE190BFA4}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
sptools_Microsoft.VisualStudio.Vsto.Msi.x64 (HKLM-x32\...\{F210BD01-6020-4406-AAE1-15B4D4C096C8}) (Version: 15.0.26417 - Microsoft Corporation) Hidden
SpyHunter 5 (HKLM-x32\...\SpyHunter5) (Version: 5.0.30.51 - EnigmaSoft Limited)
ThinkPad OneLink Dock (HKLM-x32\...\{8E1CACF5-2493-4950-9AD5-189903FE57E7}) (Version: 1.08.30 - Lenovo)
ThinkPad UltraNav Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.216.1616.137 - ALPS ELECTRIC CO., LTD.)
Thinkpad USB Ethernet Adapter Driver (HKLM-x32\...\{D8102684-7BA1-4948-88B9-535F84E6E588}) (Version: 8.20.1114.2014 - Lenovo)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.80.03.00 - Lenovo) Hidden
TOEFL Official Guide 4.0 (HKLM-x32\...\TOEFL Official Guide) (Version: 4.0 - McGraw-Hill)
TypeScript SDK (HKLM-x32\...\{CFA1F87E-EF2B-4785-812C-4BEEA22CFD06}) (Version: 2.3.5.0 - Microsoft Corporation) Hidden
Unity (HKLM-x32\...\Unity) (Version: 5.6.3p1 - Unity Technologies ApS)
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{C36E80D0-EED5-481F-9852-1EBB0DD122B6}) (Version: 14.11.25325 - Microsoft Corporation) Hidden
VS Immersive Activate Helper (HKLM-x32\...\{FD1039C3-228B-43BB-820A-ACAED580A9D5}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{75068E51-7C37-4003-84C2-C67461C8D60A}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{A9ED1B56-3819-4B14-A929-89DD3E16E216}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
VS WCF Debugging (HKLM\...\{EF9A8134-DF80-46A8-85AF-7FBD1E848C12}) (Version: 16.0.71.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{028492D7-855B-4018-B0A8-B5411EED541A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{DCAD4F0C-21F2-4955-9C0A-2B7CEA610A74}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{C32010D8-3E5A-4E2F-874E-9AAEB2384006}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{440B670C-9862-487A-A381-57173D344039}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_communitymsi (HKLM-x32\...\{52100697-9C66-44F3-BA20-68F8148CDF9B}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{40040E64-50EB-4FCF-B209-DA0B20821759}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_devenvmsi (HKLM-x32\...\{BFFA2FFB-1095-4ADD-A352-368806D2412B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{DDEF2BD0-F728-4D04-A085-B5ACC9ADC311}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{2512A3CE-E1E4-46D5-8B40-28DA3AE2261E}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{384F31FB-B99D-48A7-9D72-E1FEBEC2201A}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx64 (HKLM\...\{134E1F55-10CB-4837-9F43-C8145933AA3E}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_Graphics_Singletonx86 (HKLM-x32\...\{5A528FAB-6AD3-4F9A-9A1C-566A5C02C3D6}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{D0772A03-7FC2-4B20-AC1F-B278299AA9C7}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{0F2742A7-6A64-46A2-94AE-22F19808BE2F}) (Version: 15.0.26711 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{6DFE6F8D-B61D-4348-AB70-4ABF1210DFD5}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_professionalmsi (HKLM-x32\...\{C135A30B-7258-4E11-8660-87C5642A4AAE}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{5C682D5E-7168-47C6-87CD-53E2103B08AC}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{032E21D1-556F-49D6-9518-CF53202AF63B}) (Version: 15.0.26621 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows Driver Package - Alps (ApfiltrService) Mouse  (11/07/2014 8.216.1616.114) (HKLM\...\41971DA027600AD7B096FE14E6C0E9274B6BFD79) (Version: 11/07/2014 8.216.1616.114 - Alps)
Windows Driver Package - Intel Corporation (iaStorA) HDC  (08/22/2014 13.5.0.1056) (HKLM\...\5EC6580D569A9D3B15C34964E5BB5BC263F05FE5) (Version: 08/22/2014 13.5.0.1056 - Intel Corporation)
Windows Driver Package - Intel® Corporation (VirtualButtons) System  (10/17/2013 1.0.0.15) (HKLM\...\41EFF33D709064D437FD3001D1E09AB2D8E9AA7C) (Version: 10/17/2013 1.0.0.15 - Intel® Corporation)
Windows Driver Package - Lenovo 1.67.09.03 (11/07/2014 1.67.09.03) (HKLM\...\FA3F6F3D6E8958FDDEE1E09CC77DFA71B0D7835A) (Version: 11/07/2014 1.67.09.03 - Lenovo)
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Workflow Manager Client 1.0 (HKLM\...\{69CD1F2D-DF68-4E23-9108-1B70783F2855}) (Version: 2.1.10525.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{7E351EBA-A063-4DE6-9F95-094883AAF7DA}) (Version: 2.1.10713.0 - Microsoft Corporation) Hidden
Xamarin PCL Profiles v1.0.9 (HKLM-x32\...\{5E6844AB-A867-419C-A376-B12B574AA5F7}) (Version: 1.0.9.0 - Xamarin) Hidden
Xamarin Workbooks and Inspector (HKLM-x32\...\{4C9771FB-6EB6-4E89-A2BE-BDE8B61C1BEC}) (Version: 1.2.2.9000 - Xamarin) Hidden
Xamarin.Bonjour v1.0.13 (HKLM-x32\...\{32B2DF61-DE93-4AF9-A7A6-79B03299A0AA}) (Version: 1.0.13.0 - Xamarin) Hidden
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3647983885-1338035356-1040962617-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-12] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-18] ()
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2018-05-23] (Apple Inc.)
ContextMenuHandlers1: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-17] (TechSmith Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers4: [SnagItMainShellExt] -> {CF74B903-3389-469c-B3B6-0204D204FCBD} => C:\Program Files (x86)\TechSmith\Snagit 13\DLLx64\SnagitShellExt64.dll [2017-02-17] (TechSmith Corporation)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-11-10] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-21] (NVIDIA Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll [2018-07-12] ()
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll [2017-08-14] ()
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-03] (Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2018-06-15] (McAfee, Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {022ACAA3-03EB-4D83-980D-53A2531F3D99} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2016-07-08] ()
Task: {05D73701-58DC-49D0-82CB-9E56B84045A8} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2018-05-22] (McAfee, Inc.)
Task: {09F67968-EDE3-41D1-9D5A-C727F4BE28F2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {1325651D-A86B-445B-AB01-0E9D9C3A8ED8} - System32\Tasks\HPCustParticipation HP OfficeJet 4650 series => C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPCustPartic.exe [2017-04-07] (HP Inc.)
Task: {140C6411-EBE6-40EA-9462-9543FB2D5C46} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {16E15D5D-107B-489C-9F7E-3D9BDAB52F10} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
Task: {1D88DDE6-36A5-447F-A0DA-4D6048084732} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {21650BD6-35B3-4002-9EBF-381F9C047BA1} - System32\Tasks\Lenovo App Services => C:\ProgramData\Lenovo App Services\Engine\LenovoAppServices.exe [2016-10-06] (Lenovo)
Task: {234CA682-230F-494D-8A88-1B965A0B5B92} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-25] (Realtek Semiconductor)
Task: {248178EF-0CF0-46EE-8193-3DD38DD5F2D0} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [2018-05-16] (Lenovo Group Limited)
Task: {2679436A-EDBF-40AD-A72F-EF2C053EB0CE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-12] (Microsoft Corporation)
Task: {2B40AFED-87FC-4E67-AC03-9762CA196CE7} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-25] (Realtek Semiconductor)
Task: {2D447704-5330-413B-B6F9-50294F9EEE12} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-21] (HP Inc.)
Task: {3177C8A1-45A0-4B32-9561-1580F2ACDCBE} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2018-02-07] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3D9DA7AA-75F3-4BA0-9FCE-B01083BFE95C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {413D6986-E1E3-4E46-90AC-92F9E0190073} - System32\Tasks\HPCustParticipation HP ENVY 120 series => C:\Program Files\HP\HP ENVY 120 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {43A76AB0-D0B9-4CE5-B4ED-F949BB995185} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSC.Services.UpdateStatusService.exe [2016-06-03] ()
Task: {457974FA-7AF6-419A-8785-839467316EC4} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {48DD17F8-8222-4256-9EAC-5F6BA9B66F89} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-30] (Microsoft Corporation)
Task: {4F4F7C8C-0AD5-48D6-ACC0-4A968BAC78D3} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler  /v start /t reg_dword /d 1 /f /reg:32
Task: {53114FC7-B549-4F42-B795-4A238868B420} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-alsabee@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {5486B230-7AAD-4F59-A860-D7ED84FEABA4} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-12] (Microsoft Corporation)
Task: {57FF44E7-8587-4431-A315-6CA83715FBEF} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6893D708-29F0-40A3-AB68-661266A18773} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2016-06-03] (Lenovo)
Task: {6EBF8FD3-193F-4D41-881E-45BB3E939D4E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-07-12] (Microsoft Corporation)
Task: {70DA9CA8-F080-44DF-ABC1-6F9929E46955} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2018-05-11] (HP Inc.)
Task: {74298A72-507C-4B3B-8841-3F6D3B025DCD} - System32\Tasks\Lenovo\Lenovo Settings Power => "C:\windows\system32\rundll32.exe" "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.dll",PwrMgrBkGndMonitor
Task: {7B1859BB-B882-4BD3-867A-D33574170C38} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-03] (Lenovo)
Task: {7EE60412-BA7A-401F-9ABB-11FCF1F593BC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2018-06-28] (HP Inc.)
Task: {8493E97F-603D-4C72-BEBD-F28DDAEED646} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {90B6F06E-8459-4336-A6C6-9C4F79FFBDF7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {968D03D0-026E-4466-9F72-20063C193692} - System32\Tasks\RtHDVBg_LENOVO_MICPKEY => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-06-25] (Realtek Semiconductor)
Task: {9AFBAAAB-3A00-45DF-9759-4208F1C9B532} - \WPD\SqmUpload_S-1-5-21-3647983885-1338035356-1040962617-1001 -> No File <==== ATTENTION
Task: {9DDAD801-1084-4CB2-B78C-4861EFF6C31D} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2016-06-03] (Lenovo)
Task: {A2EB15E8-8FC0-49F7-962B-CCE85C206361} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {A7B50BAE-E980-4492-BF4C-F70112AED1AB} - System32\Tasks\McAfee DAT Built in test => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.5.243\mcdatrep.exe [2018-01-10] (McAfee, LLC.)
Task: {AD79CFD7-C2E9-4571-B1B8-95160CF10D02} - System32\Tasks\Lenovo\REACHit Agent Update => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-19] (Lenovo)
Task: {BD353F2D-1960-4D36-B43F-7287730F0DEF} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-12] (Microsoft Corporation)
Task: {C4309BCB-8AEB-40C8-87E5-878A98AE8761} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fd2c7f9d-c7c9-413e-9499-da230cd7e80a => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {C7DFCA5E-22C1-4828-B3BF-2803CB5D4FD0} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {CE941238-D364-4F0A-BD3E-488D50631C35} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe [2018-06-06] (McAfee, Inc.)
Task: {D050338C-5010-4DA8-8709-6DFE6FFEF6DE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2018-05-04] (HP Inc.)
Task: {D2D07D4B-C565-4490-A3C4-7EC890D920B4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2017-09-21] (HP Inc.)
Task: {D9FB5C63-93E8-4919-9860-0A11B73F7A58} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2018-01-08] (Apple Inc.)
Task: {DD1B598F-B405-4467-B09A-2BD0D95A6431} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\7816a0ee-7542-4b3b-a837-ba49e4bdc7f2 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {EC2C9E27-A3BB-43BA-AF4A-15B31542974D} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-12] (Microsoft Corporation)
Task: {EFB8D00E-7978-4F31-BB71-B64EDF6A3F28} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-05-19] (Lenovo)
Task: {F0D2B158-841A-4293-95BD-3E6C034648EC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-12] (Microsoft Corporation)
Task: {F2842DA5-01BD-42C4-B22B-798DF1A18CB5} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {F314486B-7C32-47E5-85BE-8FF3FF3C49C5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\3572634a-928d-4dde-99e3-b2156a7e78e0 => C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [2018-05-16] (Lenovo Group Limited)
Task: {F7776B8A-3006-4002-BE86-8B6BBA30B898} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2018-02-28] (McAfee, Inc.)
Task: {F9043BD3-628B-48B4-96BC-94B683B93FDD} - System32\Tasks\HPCeeScheduleForFadi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-23] (Hewlett-Packard)
Task: {FB653861-C653-48D3-8DEB-82D6E9598D9E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2017-11-20] ()
Task: {FCF704DE-47F0-4CB5-B80D-765C831EB21C} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2016-09-06] (TechSmith Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForFadi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2015-07-12 06:50 - 2015-01-16 17:49 - 000105472 ____N () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-11-22 02:48 - 2017-11-22 02:48 - 000339168 _____ () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe
2015-01-24 02:42 - 2015-01-24 02:42 - 000087552 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll
2015-01-24 02:58 - 2015-01-24 02:58 - 001795976 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll
2015-01-24 02:58 - 2015-01-24 02:58 - 000357768 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:58 - 2018-05-15 18:58 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-07-11 15:18 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-07-11 15:18 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-22 02:50 - 2017-11-22 02:50 - 009501312 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
2015-06-27 03:51 - 2015-06-27 03:51 - 001365224 _____ () C:\Program Files\Tablet\ISD\libxml2.dll
2017-08-14 13:48 - 2017-08-14 13:48 - 000491600 _____ () C:\Program Files (x86)\Adobe\Adobe Sync\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-12 11:42 - 2018-07-12 11:42 - 000155504 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
2016-05-18 01:42 - 2016-05-18 01:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-04-06 14:05 - 2018-04-06 14:05 - 000896136 _____ () C:\Program Files\Common Files\McAfee\CSP\2.9.175.0\McCSPMsgBusDLL.dll
2016-11-25 14:19 - 2017-11-10 10:02 - 000401896 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-07-11 17:04 - 2018-07-06 09:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 10:44 - 2018-07-17 10:45 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 10:44 - 2018-07-17 10:45 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 10:44 - 2018-07-17 10:45 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 10:44 - 2018-07-17 10:45 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 10:44 - 2018-07-17 10:44 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-10 10:19 - 2018-07-10 10:19 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-07-17 10:45 - 2018-07-17 10:45 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-17 10:45 - 2018-07-17 10:45 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-17 10:45 - 2018-07-17 10:45 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 05:23 - 2017-09-26 05:23 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-17 10:45 - 2018-07-17 10:45 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-05-22 22:09 - 2018-05-22 22:09 - 000088888 _____ () C:\Program Files\iTunes\zlib1.dll
2018-05-22 22:08 - 2018-05-22 22:08 - 001356088 _____ () C:\Program Files\iTunes\libxml2.dll
2016-07-08 01:21 - 2016-07-08 01:21 - 000031104 _____ () C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
2015-06-25 08:57 - 2015-06-25 08:57 - 000133184 _____ () C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
2015-07-12 06:51 - 2015-01-10 01:40 - 000469720 _____ () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
2015-07-12 06:51 - 2015-01-10 01:40 - 000013528 _____ () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
2018-06-09 12:49 - 2018-06-09 12:50 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 12:49 - 2018-06-09 12:50 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-03 21:22 - 2017-10-03 21:23 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-04-25 08:38 - 2018-04-25 08:46 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-04-05 18:03 - 2018-04-05 18:06 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-05-31 02:16 - 2018-05-31 02:18 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-06-09 12:49 - 2018-06-09 12:50 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 12:49 - 2018-06-09 12:49 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-31 02:16 - 2018-05-31 02:17 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-31 02:16 - 2018-05-31 02:18 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 12:49 - 2018-06-09 12:50 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2017-11-22 02:50 - 2017-11-22 02:50 - 006427144 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\libxvclient.dll
2017-11-22 02:51 - 2017-11-22 02:51 - 000080512 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.NetworkUtils.dll
2017-11-22 02:51 - 2017-11-22 02:51 - 000447616 _____ () C:\Program Files (x86)\ExpressVPN\xvpnd\windows\ExpressVPN.FilterManager.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000076088 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 001042232 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2018-05-15 18:59 - 2018-05-15 18:59 - 000189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-11-10 22:12 - 2014-11-10 22:12 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-07-12 06:51 - 2015-01-07 19:29 - 002201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2015-07-12 06:51 - 2015-01-07 19:29 - 002085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59 [564]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 16:25 - 2013-08-22 16:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3647983885-1338035356-1040962617-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 172.20.10.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{474B314C-7ED5-4220-8D15-7D150C1D2E4A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5F963BF6-7D11-44ED-81C9-CB9055EA93A3}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{DEAB8B3C-663F-4132-9CB3-5DB973F2250F}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{48296157-ED13-4342-B4D3-A43047AB00AB}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{33BA0197-39FF-492F-AE75-A9E96ECF12B0}] => (Allow) LPort=8298
FirewallRules: [{E39E389D-A3EB-4B36-AE8F-81EBDE003D8D}] => (Allow) C:\Program Files\HP\HP ENVY 120 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8CB80195-3196-4DC0-B68D-FEC847651EA0}] => (Allow) C:\Program Files\HP\HP ENVY 120 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{12EE9815-2C66-4EB7-B973-18A528A23141}] => (Allow) C:\Program Files\HP\HP ENVY 120 series\Bin\DeviceSetup.exe
FirewallRules: [{89A13D33-5AD2-4FD6-87AA-27157998B309}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{12D20D42-95F7-48C1-AEA8-2AB4DB6C6985}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{0B46AB0F-AD99-4409-B5B1-B601D4C6490A}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{A89C836A-F990-49D9-AFCB-2C85F0DE2BE2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F25F4A6A-3EA6-49C7-9F7B-C74304E4DEF2}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{93CDDBE3-54CF-400D-B329-2E6BD61E94B7}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{DD1CD8F6-50BA-4A4C-8DB5-A2B19E581BB3}] => (Allow) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
FirewallRules: [{D104AB86-EF73-4F9F-BDE5-E94D39BAD93A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{152CB6F6-6900-4CC2-9CE8-5E2B6D783352}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A33D872E-0383-4A1B-A0AF-49420B362DC1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C283AE28-62EA-4551-B3F8-FFD1962543BC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A85A6B5E-A67A-4B93-ABE0-0442E5DF6D08}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1B6B1525-B2A3-4BC2-8C4B-6A9850E4AA24}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{D63500C5-3F7B-4A32-A98F-C865CA3707FB}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe
FirewallRules: [{04784F2A-52D7-4065-BB3F-C9E7C7FC6A05}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe
FirewallRules: [{3BF6E538-AB56-46A4-A2C9-BF0CA8B91A11}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [{6D51C652-299C-47DE-A7E1-983528F67A1C}] => (Allow) C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe
FirewallRules: [{3B5FCBF6-B9E5-4A8C-9777-8B0E9FE0805D}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{2F11DA57-4F57-4DB9-B0A2-63AE499DCD45}] => (Allow) C:\Program Files\Microsoft MPI\Bin\mpiexec.exe
FirewallRules: [{030E86F4-E2B5-4E74-894D-DB5F234C347E}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{1D17B069-A913-44FB-B3E1-DE2F9A3A4A95}] => (Allow) C:\Program Files\Microsoft MPI\Bin\smpd.exe
FirewallRules: [{AE3781A6-A107-45F3-9FAC-A5FA0CF77B9A}] => (Allow) LPort=12292
FirewallRules: [{AA55B5F0-1F37-4CB5-A3BD-D2F54ED5A947}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxPrinterUtility.exe
FirewallRules: [{B357A986-E281-4856-95A1-5E173110AA95}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\FaxApplications.exe
FirewallRules: [{6B6D7485-A654-487D-9379-9F4A98CDBDA6}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\DigitalWizards.exe
FirewallRules: [{0840CE79-8A75-4D77-8594-172F83622C3F}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\bin\SendAFax.exe
FirewallRules: [{99BB7F1E-166D-426A-A76C-8ACA9B3D3039}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\DeviceSetup.exe
FirewallRules: [{F5FAA1FE-A01B-4D5F-9CC7-FED05C40EA29}] => (Allow) LPort=5357
FirewallRules: [{A53BB73D-B10A-4E71-AEB0-29C788B6D221}] => (Allow) C:\Program Files\HP\HP OfficeJet 4650 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{076D550F-68DC-4E53-B710-7191C22CCF24}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{15175C2E-EF8B-46C3-9D0A-E77993A2F0C3}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{F4B6020F-4707-4E8D-8662-3A86B973DC9B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
16-07-2018 18:45:19 Installed Cisco Jabber Guest Add-on
17-07-2018 11:33:27 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: SonicWALL Virtual NIC
Description: SonicWALL Virtual NIC
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: SonicWALL
Service: SWVNIC
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================
Application errors:
==================
Error: (07/17/2018 03:41:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=43, authorId=9, vendorId=0, vendorType=0
Error: (07/17/2018 03:41:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=25, authorId=9, vendorId=0, vendorType=0
Error: (07/17/2018 03:41:24 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path name validation failed. Error: typeId=17, authorId=9, vendorId=0, vendorType=0
Error: (07/17/2018 03:30:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Creative Cloud.exe, version: 4.2.0.211, time stamp: 0x5967a17d
Faulting module name: ntdll.dll, version: 10.0.17134.165, time stamp: 0x845de87a
Exception code: 0xc0000374
Fault offset: 0x000d8879
Faulting process id: 0x462c
Faulting application start time: 0x01d41dc9de222a01
Faulting application path: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 6aa0d97d-b1ea-4810-9095-0141288a65a0
Faulting package full name:
Faulting package-relative application ID:
Error: (07/17/2018 03:28:00 PM) (Source: nssm) (EventID: 1018) (User: )
Description: Failed to read registry value AppDirectory:
The operation completed successfully.
Error: (07/17/2018 02:46:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MultiModeUserSessionClient.exe, version: 1.1.0.8, time stamp: 0x54c9d3dc
Faulting module name: uiautomationcore.dll_unloaded, version: 7.2.17134.112, time stamp: 0x9b2c994a
Exception code: 0xc0000005
Fault offset: 0x0003a3cf
Faulting process id: 0x7824
Faulting application start time: 0x01d41dc20e8b2d04
Faulting application path: C:\Program Files (x86)\Lenovo\MultiMode\MultiModeUserSessionClient.exe
Faulting module path: uiautomationcore.dll
Report Id: 7dc07749-919f-428b-916f-ca98fae41ae7
Faulting package full name:
Faulting package-relative application ID:
Error: (07/17/2018 02:46:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MultiModeUserSessionClient.exe, version: 1.1.0.8, time stamp: 0x54c9d3dc
Faulting module name: uiautomationcore.dll_unloaded, version: 7.2.17134.112, time stamp: 0x9b2c994a
Exception code: 0xc00001a5
Fault offset: 0x0009e10a
Faulting process id: 0x7824
Faulting application start time: 0x01d41dc20e8b2d04
Faulting application path: C:\Program Files (x86)\Lenovo\MultiMode\MultiModeUserSessionClient.exe
Faulting module path: uiautomationcore.dll
Report Id: 4fde7c84-bd4b-47b0-9b65-bdc818200550
Faulting package full name:
Faulting package-relative application ID:
Error: (07/17/2018 01:57:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MultiModeUserSessionClient.exe, version: 1.1.0.8, time stamp: 0x54c9d3dc
Faulting module name: uiautomationcore.dll_unloaded, version: 7.2.17134.112, time stamp: 0x9b2c994a
Exception code: 0xc0000005
Fault offset: 0x0003a3cf
Faulting process id: 0x621c
Faulting application start time: 0x01d41dbb69462435
Faulting application path: C:\Program Files (x86)\Lenovo\MultiMode\MultiModeUserSessionClient.exe
Faulting module path: uiautomationcore.dll
Report Id: e2ad0c21-b6ad-45c8-8743-923fa7ab0d33
Faulting package full name:
Faulting package-relative application ID:

System errors:
=============
Error: (07/17/2018 03:48:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 03:38:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 03:33:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 03:31:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 03:30:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 03:29:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (07/17/2018 03:26:57 PM) (Source: DCOM) (EventID: 10010) (User: LENOVO-PC)
Description: The server {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} did not register with DCOM within the required timeout.
Error: (07/17/2018 03:23:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

CodeIntegrity:
===================================
Date: 2018-07-17 15:50:06.346
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 15:49:38.302
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 15:42:15.389
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 15:42:11.423
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 15:41:59.167
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 15:40:40.883
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 15:40:36.097
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-07-17 15:40:24.598
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 71%
Total physical RAM: 8106.57 MB
Available physical RAM: 2316.82 MB
Total Virtual: 10410.57 MB
Available Virtual: 4133.99 MB
==================== Drives ================================
Drive c: (Windows8_OS) (Fixed) (Total:916.49 GB) (Free:732.01 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{dc99c316-8b1c-4259-a646-8cfb90b0e28c}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.7 GB) NTFS
\\?\Volume{7470784b-6518-404c-9c86-32813418dd78}\ (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:5.11 GB) NTFS
\\?\Volume{b2691846-cdea-4f9a-86db-f0f39e3c82cd}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0B175CE1)
Partition: GPT.
========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 0B175CEA)
Partition: GPT.
==================== End of Addition.txt ============================


#6 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:21 PM

Posted 17 July 2018 - 03:43 PM

Your log is clean.

 

Can you tell me if it is one specific browser you are using when the redirects happen.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 sam_34132

sam_34132
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 18 July 2018 - 10:13 AM

Microsoft Edge. 

Thank you!



#8 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:21 PM

Posted 18 July 2018 - 04:09 PM

You still don’t have FRST on tour desktop named as “FRST64”. You’ll need to uninstall and re-install FRST but this time please don’t rename it and save it directly to your desktop otherwise fixes won’t work:

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.
  • click the Run button.

Download FRST again from here and don’t forget to save it on the desktop.

FRST64 should now be on your desktop.

================================================

Run Farbar Recovery Scan Tool

  • right-click FRST/FRST64 and select ‘Run as administrator’
  • highlight the contents of the code box below, then press Ctrl+c):
Start::
CloseProcesses:
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
Hosts:
EmptyTemp:
End::

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • in the FRST window, press the ‘Fix’ button once and wait
  • please reboot the computer if requested
  • it will create a log on your desktop, (Fixlog.txt); please post it to your reply.

Can you let me know if the problem is still there.

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#9 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:21 PM

Posted 22 July 2018 - 04:13 PM

It has been several days since I sent my last post to you. Please let me me know if you completed the instructions or if the problem has been solved.

 

If I don't hear from you in 24 hours I'll assume that all is well and close this.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 satchfan

satchfan

  • Malware Response Team
  • 2,918 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:09:21 PM

Posted 23 July 2018 - 05:25 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users